[jboss-jira] [JBoss JIRA] Closed: (JBAS-7542) RemoteHostTrustLoginModule / Valve for allowing third party authentication

Wednesday, 23 December 2009



     [
https://jira.jboss.org/jira/browse/JBAS-7542?page=com.atlassian.jira.plug...
]

Anil Saldhana closed JBAS-7542.
-------------------------------

    Resolution: Done


Updated with Security Libraries 2.1.0.20091223

...
 RemoteHostTrustLoginModule / Valve for allowing third party
authentication 
 ---------------------------------------------------------------------------

                 Key: JBAS-7542
                 URL: https://jira.jboss.org/jira/browse/JBAS-7542
             Project: JBoss Application Server
          Issue Type: Feature Request
      Security Level: Public(Everyone can see) 
          Components: Security
    Affects Versions: JBossAS-4.2.3.GA
            Reporter: Andrew Oliver
            Assignee: Andrew Oliver
             Fix For: JBossAS-6.0.0.M2


 Presently Tested With 4.3.0.  This login module is for the specific case of needing to
pass credentials between instances without re-authenticating (diagram:
http://dl.dropbox.com/u/1368565/redhat/patches/diagram_trust.png and
http://dl.dropbox.com/u/1368565/redhat/patches/diagram_trust.odg).  The valve puts the
getRemoteHost from a request object in a thread local value.  The login module checks this
supplied getRemoteHost (generally an IP) against a list of trusted IPs.  This should only
be used behind a firewall with spoofing disabled where network security has assured the
getRemoteHost call returns a valid value.  No testcase is included as it requires a
specific network setup and multiple instances.
 If there are no objections I'll commit this to the trunk with my LdapExtLoginModule
patches.
 http://dl.dropbox.com/u/1368565/redhat/patches/HostThreadLocal.java
 http://dl.dropbox.com/u/1368565/redhat/patches/RemoteHostTrustLoginModule...
 http://dl.dropbox.com/u/1368565/redhat/patches/RemoteHostValve.java
 In order to use it (login-config.xml):
  <application-policy name = "jmx-console">
     <authentication>
        <login-module
code="org.jboss.security.auth.spi.RemoteHostTrustLoginModule"
           flag = "optional">
           <module-option
name="password-stacking">useFirstPass</module-option>
           <module-option
name="trustedHosts">192.168.49.10</module-option>
           <module-option
name="roles">transportAuthenticated</module-option>
        </login-module>
 .. some other login module ...
   </authentication>
 </application-policy>
 context.xml:
 <Context>
 <Valve className="org.jboss.web.tomcat.security.RemoteHostValve"/>
 </Context> 
-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[jboss-jira] [JBoss JIRA] Closed: (JBAS-7542) RemoteHostTrustLoginModule / Valve for allowing third party authentication