Costin, Sorry to mail you directly, but this doesn't seem like a major group discussion kind of thing.
At work I'm doing a project that has an interesting set of criteria for user authentication that I haven't really seen a way to do with JAAS readily. Basically it boils down to this, a user has a userid, a password, and a potential 'secondary' password. What I haven't been able to figure out is if there would be a way through realms to implement this type of authentication scheme. This is really just a "wonder how it could be done" question and if you have no time to possibly give me some thoughts no big deal. Thanks for any ideas on how this /might/ be done if you get some time. --Dave ----- Original Message ----- From: "Costin Manolache" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, March 11, 2003 20:31 Subject: JAAS Auth > Hi, > > I'm close to get JAAS realm and the memory LoginModule working - if I > remember correctly we agreed to make JAAS the default for 5.0 ( I don't > remember any objections ). > > I never tried it in 4.x - but from the code and code I strongly doubt it > works. > > There is one change I would like to make. > > As you know, JAAS login modules return a Subject and a set of Principals. > There is no clear way to decide which Principals are Roles - so we > currently require the user to configure the realm with the list of classes > that are role principals. > > In addition to that, I would like to support a different pattern - used > in JBoss - which seems much cleaner and logical. > > If a Principal of type "java.security.acl.Group" is found - named "Roles" - > we'll treat all the Principlas in that Group as roles. ( the old mechanism > should still be supported, of course ) > > The other problem: I think we should move the catalina-indepedent JAAS > code in a separate module, for example j-t-c/jaas. That would include > SimplePrincipal, MemoryLoginModule - and eventually JNDI/JDBC/etc > LoginModules if anyone has the time to make the conversion. It's not a big > priority, but it'll clean up the code deps and maybe the code could be > reused. > > Opinions ? Votes ? > > Costin > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
