[jboss-dev-forums] [Design of Security on JBoss] - Re: Problem with custom login modules

anil.saldhana@jboss.com do-not-reply at jboss.com
Tue Nov 13 17:52:26 EST 2007


  | (3:59:29 PM) Marcus: stefan and I were discussing our options in the kerberos case and we came up with 3 options... do you have time now to talk about it?
  | (3:59:35 PM) anil_msn: k
  | (4:00:10 PM) Marcus: option 1 is to remove the debug message (undo the jira issue)
  | (4:01:20 PM) Marcus: option 2 is to assume only jboss login modules will have that option, so we filter the login modules by the class name and only add the option to the map if the package is org.jboss.security
  | (4:03:13 PM) Marcus: option 3 we modify the security_config.xsd to add an attribute to the <login-module> element to specify if the login module accepts the debug option. this attribute will not be required and defaults to true. in a rare case like this, the customer can set this attribute to false so that the option will not be added to the map
  | (4:05:15 PM) anil_msn: I was thinking about option 2 in the afternoon
  | (4:05:38 PM) anil_msn: but I think we need option 3 because customers who have written their own login module can get the sec domain
  | (4:08:18 PM) Marcus: option 3 is probably the best in our opinion. everything keeps working as it is and only in the rare occasion where a custom login module has this problem we have a workaround
  | (4:09:45 PM) Marcus: with option 2, custom login modules that extend one of our own will print null for the config name, because the option will not be in the map

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4104338#4104338
