Hi, I'm close to get JAAS realm and the memory LoginModule working - if I remember correctly we agreed to make JAAS the default for 5.0 ( I don't remember any objections ).
I never tried it in 4.x - but from the code and code I strongly doubt it works. There is one change I would like to make. As you know, JAAS login modules return a Subject and a set of Principals. There is no clear way to decide which Principals are Roles - so we currently require the user to configure the realm with the list of classes that are role principals. In addition to that, I would like to support a different pattern - used in JBoss - which seems much cleaner and logical. If a Principal of type "java.security.acl.Group" is found - named "Roles" - we'll treat all the Principlas in that Group as roles. ( the old mechanism should still be supported, of course ) The other problem: I think we should move the catalina-indepedent JAAS code in a separate module, for example j-t-c/jaas. That would include SimplePrincipal, MemoryLoginModule - and eventually JNDI/JDBC/etc LoginModules if anyone has the time to make the conversion. It's not a big priority, but it'll clean up the code deps and maybe the code could be reused. Opinions ? Votes ? Costin --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
