[jboss-dev-forums] [Design of Security on JBoss] - Re: Problem with custom login modules
sguilhen@redhat.com
do-not-reply at jboss.com
Tue Nov 13 18:05:29 EST 2007
When Marcus and I discussed this issue earlier today, we first considered adding some kind of check (for example, to make sure the login module is not the IBM Kerberos LM) in the AuthenticationInfo class before setting the security-domain name option, to avoid this kind of problem. This approach has a clear downside: if later on we find out about another login module that doesn't accept extra options, we will have to change our check and the code will have to be re-compiled.
Thus, I think the approach Marcus is suggesting is better, as it will allow users to specify that they don't want security domain name to be automatically inserted as a module option in the configuration file. This way, no code has to re-compiled or changed.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4104344#4104344
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4104344
More information about the jboss-dev-forums
mailing list