[jboss-jira] [JBoss JIRA] Resolved: (JBAS-7542) RemoteHostTrustLoginModule / Valve for allowing third party authentication
[
https://jira.jboss.org/jira/browse/JBAS-7542?page=com.atlassian.jira.plug...
]
Andrew Oliver resolved JBAS-7542.
---------------------------------
Resolution: Done
now uses reflection to get around build/module artificial structure
RemoteHostTrustLoginModule / Valve for allowing third party
authentication
---------------------------------------------------------------------------
Key: JBAS-7542
URL: https://jira.jboss.org/jira/browse/JBAS-7542
Project: JBoss Application Server
Issue Type: Feature Request
Security Level: Public(Everyone can see)
Components: Security
Affects Versions: JBossAS-4.2.3.GA
Reporter: Andrew Oliver
Assignee: Andrew Oliver
Presently Tested With 4.3.0. This login module is for the specific case of needing to
pass credentials between instances without re-authenticating (diagram:
http://dl.dropbox.com/u/1368565/redhat/patches/diagram_trust.png and
http://dl.dropbox.com/u/1368565/redhat/patches/diagram_trust.odg). The valve puts the
getRemoteHost from a request object in a thread local value. The login module checks this
supplied getRemoteHost (generally an IP) against a list of trusted IPs. This should only
be used behind a firewall with spoofing disabled where network security has assured the
getRemoteHost call returns a valid value. No testcase is included as it requires a
specific network setup and multiple instances.
If there are no objections I'll commit this to the trunk with my LdapExtLoginModule
patches.
http://dl.dropbox.com/u/1368565/redhat/patches/HostThreadLocal.java
http://dl.dropbox.com/u/1368565/redhat/patches/RemoteHostTrustLoginModule...
http://dl.dropbox.com/u/1368565/redhat/patches/RemoteHostValve.java
In order to use it (login-config.xml):
<application-policy name = "jmx-console">
<authentication>
<login-module
code="org.jboss.security.auth.spi.RemoteHostTrustLoginModule"
flag = "optional">
<module-option
name="password-stacking">useFirstPass</module-option>
<module-option
name="trustedHosts">192.168.49.10</module-option>
<module-option
name="roles">transportAuthenticated</module-option>
</login-module>
.. some other login module ...
</authentication>
</application-policy>
context.xml:
<Context>
<Valve className="org.jboss.web.tomcat.security.RemoteHostValve"/>
</Context>
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
