[jira] Commented: (GERONIMO-3303) Simplify security authentication framework by removing "mixed" local/remote logins.

Thu, 12 Jul 2007 04:23:25 -0700 

    [ 
https://issues.apache.org/jira/browse/GERONIMO-3303?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12512041
 ] 

Vamsavardhana Reddy commented on GERONIMO-3303:
-----------------------------------------------

Removed empty packages/directories.

Completed: At revision: 555583 in trunk.

> Simplify security authentication framework by removing "mixed" local/remote 
> logins.
> -----------------------------------------------------------------------------------
>
>                 Key: GERONIMO-3303
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-3303
>             Project: Geronimo
>          Issue Type: Improvement
>      Security Level: public(Regular issues) 
>          Components: security
>    Affects Versions: 2.0-M6
>            Reporter: David Jencks
>            Assignee: David Jencks
>             Fix For: 2.0-M7
>
>
> Back at apachecon 2005 there was a big discussion where we decided to remove 
> the parts of the geronimo authentication framework that let clients run login 
> modules on the server.  See the email from me dated Dec 23, 2005, at 6:37 PM, 
> Geronimo Security plans (from ApacheCon).
> I've finally replaced the remote login with something using the openejb 
> protocol and removed the no longer needed code.  This is a big simplification.
> I've refactored the authentication stuff so that:
> - we still have a GeronimoLoginConfiguration
> - we can still (optionally) wrap principals to determine exactly which login 
> module and realm they came from
> - all authentication happens in a single vm, no sneaky remoting stuff
> - we use the LoginContext to create the login modules directly from the 
> AppConfigurationEntry[]
> - registering and unregistering the subject and inserting the identification 
> principal is done by a login module automatically added by the 
> GenericSecurityRealm, rather than the JaasSecuritySession
> This eliminates most of the hard to understand code including:
> JaasLoginCoordinator
> JaasSecuritySession
> JaasLoginService
> I've also removed the subject carrying protocol and the remoting jmx code 
> since it isn't used.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to