[
https://issues.jboss.org/browse/AS7-3112?page=com.atlassian.jira.plugin.s...
]
Darran Lofthouse commented on AS7-3112:
---------------------------------------
An additional consideration needs to be how the OptionMap is assembled - this is currently
assembled in the RealmSecurityProviderService so the realms a independent of Remoting but
if a negotiating authenticator can be considered we may just want to ensure consistency
across the mechanisms.
Better integration of service based ServerAuthenticationProviders
-----------------------------------------------------------------
Key: AS7-3112
URL:
https://issues.jboss.org/browse/AS7-3112
Project: Application Server 7
Issue Type: Task
Components: Domain Management, Remoting, Security
Reporter: Darran Lofthouse
Assignee: Darran Lofthouse
Fix For: 7.2.0.Alpha1
The security configuration of Remoting within AS7 is based on supplying three things: -
- The ServerAuthenticationProvider to obtain mechanism specific CallbackHanlders
- The OptionMap to control the security mechanisms made available / mandated.
- Possibly an initialised SSLContext for XnioSsl if SSL is being enabled.
For domain management the capabilities of the backing realm are used to define the
security offered i.e. if we have no SSL configuration we can not enable SSL, if the
backing store can not return the plain text passwords we can not enable DIGEST. This has
been achieved so far by using an intermediary service to define the configuration based on
capabilities alone.
This task it to take it one step further and allow this intermediary to be defined within
the Remoting subsystem and maybe an equivalent for pure domain management to act as both a
intermediary to define configuration based on the realm and also to allow additional
configuration overrides. i.e. we need to support the additional SASL options available
and SSL options available - this will somehow need to be merged / validated with the realm
capabilities e.g. if a Realm is incompatible with Digest a user can not force the use of
Digest.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see:
http://www.atlassian.com/software/jira