[jboss-dev-forums] [Design of Security on JBoss] - Re: Problem with custom login modules

Tuesday, 13 November 2007

  | (3:59:29 PM) Marcus: stefan and I were discussing our options in the kerberos case and
we came up with 3 options... do you have time now to talk about it?
  | (3:59:35 PM) anil_msn: k
  | (4:00:10 PM) Marcus: option 1 is to remove the debug message (undo the jira issue)
  | (4:01:20 PM) Marcus: option 2 is to assume only jboss login modules will have that
option, so we filter the login modules by the class name and only add the option to the
map if the package is org.jboss.security
  | (4:03:13 PM) Marcus: option 3 we modify the security_config.xsd to add an attribute to
the <login-module> element to specify if the login module accepts the debug option.
this attribute will not be required and defaults to true. in a rare case like this, the
costumer can set this attribute to false so that the option will not be added to the map
  | (4:05:15 PM) anil_msn: I was thinking about option 2 in the afternoon
  | (4:05:38 PM) anil_msn: but I think we need option 3 because customers who have written
their own login module can get the sec domain
  | (4:08:18 PM) Marcus: option 3 is probably the best in our opinion. everything keeps
working as it is and only in the rare occasion where a custom login module has this
problem we have a workaround
  | (4:09:45 PM) Marcus: with option 2, custom login modules that extend one of our own
will print null for the config name, because the option will not be in the map

View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4104338#...

Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[jboss-dev-forums] [Design of Security on JBoss] - Re: Problem with custom login modules