Darran Lofthouse [http://community.jboss.org/people/darran.lofthouse%40jboss.com] created the discussion "Re: AS7 Property File Based Login Modules" To view the discussion, visit: http://community.jboss.org/message/585971#585971 -------------------------------------------------------------- That would seem to be quite a restriction on how users can deploy their applications, a single server can still have multiple applications deployed each with their own domain requirements. Also what do you mean when you say "All applications would install their own security domain along with the files required for them." - are you saying the domain would no longer be defined within a subsystem? -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/585971#585971] Start a new discussion in PicketBox Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&...]

Darran Lofthouse [http://community.jboss.org/people/darran.lofthouse%40jboss.com] created the discussion "Re: AS7 Property File Based Login Modules" To view the discussion, visit: http://community.jboss.org/message/585974#585974 -------------------------------------------------------------- So in this case you would be looking for the security domains to be statically defined within the application rather than centrally defined / manageable within the domain model - so to modify the configuration of a security domain the administrators would be required to redeploy their apllication across their domain to pick up a new configuration. -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/585974#585974] Start a new discussion in PicketBox Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&...]

Marcus Moyses [http://community.jboss.org/people/mmoyses] created the discussion "Re: AS7 Property File Based Login Modules" To view the discussion, visit: http://community.jboss.org/message/586062#586062 -------------------------------------------------------------- Security domains based on property files are the simplest of  all login modules we provide. Any serious real world application would actually use DBs or LDAP servers as the backend for authentication. I don't see a problem of requiring the property file to be included in the application so it's available in its classpath. Remember web-console used to do just that. -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/586062#586062] Start a new discussion in PicketBox Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&...]

Anil Saldhana [http://community.jboss.org/people/anil.saldhana%40jboss.com] created the discussion "Re: AS7 Property File Based Login Modules" To view the discussion, visit: http://community.jboss.org/message/586074#586074 -------------------------------------------------------------- I think extremely simple test deployments can use settings from the domain model. Something along the lines: <security-domain><login-module name="inlinemodule"><option user="anil" pass="awesome"/> <option role="magic"/></login-module> This is for testing purposes or demo purposes only. -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/586074#586074] Start a new discussion in PicketBox Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&...]

Anil Saldhana [http://community.jboss.org/people/anil.saldhana%40jboss.com] created the discussion "Re: AS7 Property File Based Login Modules" To view the discussion, visit: http://community.jboss.org/message/586279#586279 -------------------------------------------------------------- A possibility is to create blocks of user/role/group combination in the domain model (using PL IDM), then reference them in the login module. -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/586279#586279] Start a new discussion in PicketBox Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&...]

Anil Saldhana [http://community.jboss.org/people/anil.saldhana%40jboss.com] created the discussion "Re: AS7 Property File Based Login Modules" To view the discussion, visit: http://community.jboss.org/message/586284#586284 -------------------------------------------------------------- I am going to be bringing the PL IDM component as a module.  We need it for user management for components such as HornetQ user mgmt. -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/586284#586284] Start a new discussion in PicketBox Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&...]

Jason Greene [http://community.jboss.org/people/jason.greene%40jboss.com] created the discussion "Re: AS7 Property File Based Login Modules" To view the discussion, visit: http://community.jboss.org/message/586288#586288 -------------------------------------------------------------- We need to be very careful about how user management is done, if it should be done at all for 7.0. Anything that stores state has to somehow be replicated across all the hosts in the domain. This opens the door to all kinds of problems: * Do you allow distribution of keystores which may have private keys? (very dangerous) * Do you store passwords in the domain.xml, and do you obfuscate them giving a false sense of security? * If it's not in domain.xml how is the state going to be replicated in a way thats consistent with domain.xml? Also note that anyone serious about security, is probably going to prefer a centralized security server over a user password distribution model. In this case all of the work we do here would go to waste. In the meeting in Madison, we talked about how the likely easiest thing to do was to just have the domain.xml REFER to whatever the security store is, and then let the user decide how it gets on the box if it needs to be. They already have to install AS for every location, so that might as well drop a properties file if thats what they are using. -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/586288#586288] Start a new discussion in PicketBox Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&...]

Anil Saldhana [http://community.jboss.org/people/anil.saldhana%40jboss.com] created the discussion "Re: AS7 Property File Based Login Modules" To view the discussion, visit: http://community.jboss.org/message/586298#586298 -------------------------------------------------------------- Password based encryption is lower in trust pyramid - does not require keys but is able to mask passwords which works for most deployments. So if this PBE approach can be taken to mask the password. -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/586298#586298] Start a new discussion in PicketBox Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&...]