[jboss-dev-forums] [Design of Security on JBoss] - JBoss Negotiation - Onto The GA Release
darran.lofthouse@jboss.com
do-not-reply at jboss.com
Thu Dec 4 10:39:17 EST 2008
Apart from some small code areas to tidy up, I have one area that still needs to be decided before we can release the first GA.
The implementation of the login module requires an LDAP login module to be chained so that the LDAP login module can perform the roles search.
Our existing login modules were not really up to the job for this, so the JBoss Negotiation project now contains a new login module:
org.jboss.security.negotiation.AdvancedLdapLoginModule
https://jira.jboss.org/jira/browse/SECURITY-133
This new login module no longer extends the 'UsernamePasswordLoginModule' as it was this design pattern that was making using this login module for just role searches difficult.
The new login module is very similar to the 'LdapExtLoginModule'; the roles search is subtly different from the 'LdapExtLoginModule' roles search, but I could modify this to be compatible if needed. In addition to this, the new login module can authenticate itself against LDAP using GSSAPI and a local keytab.
The questions are:
Are we happy to have a third LDAP login module?
Where should it live? Although the JBoss Negotiation project was the driving need for this module there is no reason for the module itself to be part of JBoss Negotiation.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4194376#4194376