[jboss-dev-forums] [Design of Security on JBoss] - Security and JCA
adrian@jboss.org
do-not-reply at jboss.com
Tue Apr 1 06:43:29 EDT 2008
I've just reinstated org.jboss.security.Util which is used by a JCA login module (PBE)
that hadn't been ported to jboss-head.
On a more general note:
We've had this discussion on the jca forum and basically we don't understand
why there are login modules in the connector project?
All we want is to inject a Subject factory into the connection manager.
So we should have is some kind of interface in jboss-integration/jca-spi
(or maybe it should belong in a security integration spi?)
| public interface SubjectFactory
| {
| Subject getSubject();
| }
|
None of jboss security specifc code (login modules, crypto calls, etc.)
should be in the connector project at all.
Can we get this fixed for JBoss5?
The JCA login modules aren't exactly JCA specific. :-)
They are things like login with a given identity or take it from the thread assocation, etc.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4140394#4140394
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4140394
More information about the jboss-dev-forums
mailing list