Hi Lukasz,
I am not sure how the optional flag would work. I suspect though that I
get no roles when the authentication fails.
Basically the problem is that I do not have a password when doing the
login. Of course the user is not unauthenticated as the certificate
check is already done by ws-security.
Yes I can create a certificate login module. But it would have to copy
all role retrieval code from the LDAPLoginModule. The certificate check
is done by checking the trust of the certificate and
the proof of possession. During this I do not get any roles. So I still
would have to call ldap with a fixed user to get the roles. I will do
some experiments with this and will report back if I find a better
way than the switch.
Christian
On 06.03.2013 23:37, Łukasz Dywicki wrote:
Hey Christian,
I am not sure *if* that's really a good direction. I haven't seen an option like
this before in other JAAS module implementations, but I may have a limited
view of this. A proper way to do that with JAAS is to use control flags
like required, sufficient or optional. That's how JAAS overall was
designed. If you really need additional principals attached to the subject you
can add them in the certificate login module/code, can't you?
Best regards,
Łukasz
On Monday, 4 March 2013, Christian Schneider wrote:
--
Christian Schneider
http://www.liquid-reality.de
Open Source Architect
Talend Application Integration Division http://www.talend.com
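
The control-flag stacking discussed in this thread, as an added example that is not code from either poster or from any project named here: `CertModule` and `PasswordRolesModule` are hypothetical stand-ins for a certificate module and a password-based LDAP module, and the principal names are constructed. It stacks them as REQUIRED plus OPTIONAL and shows which principals end up on the Subject when the second module's login fails.

```java
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.*;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.spi.LoginModule;

public class ControlFlagDemo {
    // Shared base for the two hypothetical modules: commit() adds the
    // configured principal only if this module's own login() succeeded.
    public abstract static class Base implements LoginModule {
        Subject subject; boolean ok; String principal;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
            subject = s; principal = (String) opts.get("principal");
        }
        public boolean commit() {
            if (ok) { Principal p = () -> principal; subject.getPrincipals().add(p); }
            return ok; // false tells LoginContext this module should be ignored
        }
        public boolean abort() { ok = false; return true; }
        public boolean logout() { subject.getPrincipals().clear(); return true; }
    }
    // Stands in for a certificate module: trust was already verified upstream.
    public static class CertModule extends Base {
        public boolean login() { ok = true; return true; }
    }
    // Stands in for a password-based LDAP module that is handed no password.
    public static class PasswordRolesModule extends Base {
        public boolean login() throws LoginException { throw new FailedLoginException("no password"); }
    }

    static AppConfigurationEntry entry(Class<?> c, LoginModuleControlFlag f, String principal) {
        return new AppConfigurationEntry(c.getName(), f, Map.of("principal", principal));
    }

    public static void main(String[] args) throws LoginException {
        Configuration cfg = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] {
                    entry(CertModule.class, LoginModuleControlFlag.REQUIRED, "user:alice"),
                    entry(PasswordRolesModule.class, LoginModuleControlFlag.OPTIONAL, "role:admin") };
            }
        };
        Subject subject = new Subject();
        new LoginContext("demo", subject, null, cfg).login(); // the OPTIONAL failure does not fail the login
        subject.getPrincipals().forEach(p -> System.out.println(p.getName()));
    }
}
```

The overall login succeeds, but only the principal from the REQUIRED module is attached: a module whose `login()` failed contributes nothing in `commit()`, so any roles it would have supplied are absent.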