[jboss-dev-forums] [PicketBox Development] - JSR-160 connectors security

[ANIL SALDHANA]

ANIL SALDHANA [http://community.jboss.org/people/anil.saldhana%40jboss.com] created the discussion

"JSR-160 connectors security"

To view the discussion, visit: http://community.jboss.org/message/535651#535651

--------------------------------------------------------------
This is a design thread that Scott Marlow (SMarlow) and I will be using to discuss the JSR-160 integration that Scott is working on. There are some security aspects to be considered in this integration based on the JSR-160 specification.

Studying the JSR-160 specification, in the section III on JMX Remote Connector API:

* Section 13.12 Connector Security

On the server side, when the connectors are created, they are instantiated with JMXAuthenticator.  ( http://java.sun.com/j2se/1.5.0/docs/api/javax/management/remote/JMXAuthenticator.html JMXAuthenticator Javadoc)

If you look at the API for JMXAuthenticator, you will see that there is just one method namely: "+*Subject  authenticate( Object credential )*+".  As you can see, we pass in a credential and then get back an authenticated subject.

The credential can be open ended.  Ok, what about the username?  Read below:

>From the JSR-160 specification, we see that there is a concrete class called as RMIConnector.

* Section 14.4 Basic Security

TBD.

--------------------------------------------------------------

Reply to this message by going to Community
[http://community.jboss.org/message/535651#535651]

Start a new discussion in PicketBox Development at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2088]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-dev-forums/attachments/20100405/ef05c608/attachment.html