5:17 a.m.
ANIL SALDHANA [http://community.jboss.org/people/anil.saldhana%40jboss.com] created the
discussion
"Re: Security Configuration in Domain Model - AS7"
To view the discussion, visit: http://community.jboss.org/message/561872#561872
--------------------------------------------------------------
Further discussions with AS team has yielded something like the following:
<security-domain name="foo">
<ldap-auth server="...">
<jdbc-auth ...>
<extension module="..." class="...">
</security-domain>
This is just a natural language description in the domain model. What
"ldap-auth" maps to is an implementation detail.
--------------------------------------------------------------
Reply to this message by going to Community
[http://community.jboss.org/message/561872#561872]
Start a new discussion in PicketBox Development at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&...]
11:45 a.m.
ANIL SALDHANA [http://community.jboss.org/people/anil.saldhana%40jboss.com] created the
discussion
"Re: Security Configuration in Domain Model - AS7"
To view the discussion, visit: http://community.jboss.org/message/562240#562240
--------------------------------------------------------------
The domain model should also consider SSO into various containers. It will be a sub
element of the ejb, web domain language. We are going to be pushing for the use of STS.
--------------------------------------------------------------
Reply to this message by going to Community
[http://community.jboss.org/message/562240#562240]
Start a new discussion in PicketBox Development at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&...]
8:15 a.m.
Darran Lofthouse [http://community.jboss.org/people/dlofthouse] created the discussion
"Re: Security Configuration in Domain Model - AS7"
To view the discussion, visit: http://community.jboss.org/message/590934#590934
--------------------------------------------------------------
Is this approach still being considered? I see from the current schema that we seem to
now be configuring using a login-module element rather than mechanism specific elements as
in this post.
Anil Saldhana wrote:
Further discussions with AS team has yielded something like the following:
<security-domain name="foo">
<ldap-auth server="...">
<jdbc-auth ...>
<extension module="..." class="...">
</security-domain>
This is just a natural language description in the domain model. What
"ldap-auth" maps to is an implementation detail.
Just really checking if there will be authentication mechanism specific elements / types I
can re-use or if we are remaining with the generic login-module elements?
--------------------------------------------------------------
Reply to this message by going to Community
[http://community.jboss.org/message/590934#590934]
Start a new discussion in PicketBox Development at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&...]
8:33 a.m.
Marcus Moyses [http://community.jboss.org/people/mmoyses] created the discussion
"Re: Security Configuration in Domain Model - AS7"
To view the discussion, visit: http://community.jboss.org/message/590941#590941
--------------------------------------------------------------
Right now we are still using the same format we had in previous versions (except replacing
application-policy for security-domain). We are not using FQCN for the login modules. We
are using aliases for the class names mapped on the ModulesMap interface. Have in mind
that this is likely to change when we finish separating authentication from role mapping
in the JAAS login modules.
--------------------------------------------------------------
Reply to this message by going to Community
[http://community.jboss.org/message/590941#590941]
Start a new discussion in PicketBox Development at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&...]
8:42 a.m.
Darran Lofthouse [http://community.jboss.org/people/dlofthouse] created the discussion
"Re: Security Configuration in Domain Model - AS7"
To view the discussion, visit: http://community.jboss.org/message/590944#590944
--------------------------------------------------------------
Have in mind that this is likely to change when we finish separating
authentication from role mapping in the JAAS login modules.
What I am trying to make sure of is that the configuration for the domain management is
following the same approach as for the AS security domains so when you say this will be
changing do you mean before JBoss AS 7 is released?
--------------------------------------------------------------
Reply to this message by going to Community
[http://community.jboss.org/message/590944#590944]
Start a new discussion in PicketBox Development at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&...]
9:01 a.m.
Marcus Moyses [http://community.jboss.org/people/mmoyses] created the discussion
"Re: Security Configuration in Domain Model - AS7"
To view the discussion, visit: http://community.jboss.org/message/590951#590951
--------------------------------------------------------------
Yes, we plan to have the new login modules ready for AS7 GA. The way security domains are
configured will not change, only the login module's aliases (and implementations).
--------------------------------------------------------------
Reply to this message by going to Community
[http://community.jboss.org/message/590951#590951]
Start a new discussion in PicketBox Development at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&...]
9:20 a.m.
Darran Lofthouse [http://community.jboss.org/people/dlofthouse] created the discussion
"Re: Security Configuration in Domain Model - AS7"
To view the discussion, visit: http://community.jboss.org/message/590961#590961
--------------------------------------------------------------
Thanks will keep that in mind,
Regarding the ModulesMap has there been any consideration regarding making that map
cusomtisable? I am just thinking that further additions to JBoss AS my bring in
additional LoginModules that are not available by default but that may benefit from being
added to the map so that they can be referenced using a simple name.
--------------------------------------------------------------
Reply to this message by going to Community
[http://community.jboss.org/message/590961#590961]
Start a new discussion in PicketBox Development at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&...]
10:33 a.m.
Marcus Moyses [http://community.jboss.org/people/mmoyses] created the discussion
"Re: Security Configuration in Domain Model - AS7"
To view the discussion, visit: http://community.jboss.org/message/590978#590978
--------------------------------------------------------------
I haven't put much thought into that. The idea of the map was to include the login
modules (and other modules such as authorization, mapping, et cetera) that we provide as
part of AS. Other login modules (customer's modules for instance) would be mapped
using FQCN but before this can work we need to figure out how to load those classes with
the new module classloader since LoginContext (part of JRE) will try and load the class
using the TCCL.
--------------------------------------------------------------
Reply to this message by going to Community
[http://community.jboss.org/message/590978#590978]
Start a new discussion in PicketBox Development at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&...]
5042
days inactive
5211
days old
jboss-dev-forums@lists.jboss.org
7 comments
3 participants
participants (3)
-
ANIL SALDHANA -
Darran Lofthouse
-
Marcus Moyses