Re: Some 2.8 auth improvements

Mon, 17 Mar 2008 23:45:26 -0700

Hey Alex -- you asked a fine question. We do indeed use JAAS LoginModules to access container credentials. Those will still be used in 2.8.. What changes is the need to rely on JVM-wide JAAS *configuration* -- specifically the need to obtain a LoginContext from the JVM-wide config.
The new strategy keeps the stuff that works (the LoginModule classes) and kills the stuff that is annoying (the need for a JAAS config file aka jspwiki.jaas.. 

On Mar 17, 2008, at 23:55, Alex Samad <[EMAIL PROTECTED]> wrote:


Hi

On Mon, Mar 17, 2008 at 11:08:36PM -0600, Andrew Jaquith wrote:

All --

I went ahead and did something I've been meaning to do for a while:
eliminate the dependency on JAAS configuration from JSPWiki. The idea
was to get rid of the tweaks and hacks we use to configure the login
process, and eliminate a bunch of configuration hassles.

It's all ready to go: code, unit tests, javadoc and jspwiki comments.
All I need is a 2.8 branch to put it in.

Some more information about the refactoring:

The technique I've employed does three things: it refactors

AuthenticationManager, adds some responsibilities to  
WikiServletFilter,
and moves configuration of the login process to jspwiki.properties.  
Best

of all: the API changes are fairly small, and we re-use the existing
LoginModules.

The upsides to the new approach are many:
- Elimination of the need to configure JAAS at runtime
- Maintains backwards compatibility with any existing third-party
LoginModules that may have been developed for JSPWiki
- Adds the ability to use MORE LoginModules with JSPWiki (because we
move responsibility for adding/deleting JSPWiki Roles out of the
LoginModules, and into AuthenticationManager)

- Removes the last barrier for "drop-in" deployments on ALL  
containers

(no need to worry about JAAS configuration)


There are very few downsides, other than the fact that WikiContext  
loses
a few methods that were only used by one or two callers, and were  
only

public because of package boundaries.

going to show how much I don't know, but wasn't JAAS the method used  
to

access container authentication?



Andrew



--
"Joe, I don't do nuance."

   - George W. Bush
02/15/2004
to Sen. Joseph Biden, as quoted in Time






















					Reply via email to