[jboss-dev-forums] [IronJacamar Development] - Reauthentication
Jesper Pedersen
do-not-reply at jboss.com
Wed Feb 2 16:22:04 EST 2011
Jesper Pedersen [http://community.jboss.org/people/jesper.pedersen] created the document:
"Reauthentication"
To view the document, visit: http://community.jboss.org/docs/DOC-16434
--------------------------------------------------------------
h2. Description
A resource adapter can re-authenticate a physical connection (that is, one that already exists in the connection pool under a different security context) to the underlying EIS. A resource adapter performs reauthentication when an application server calls the getConnection method with a security context, passed as a Subject instance, different from the context previously associated with the physical connection.
h2. Requirements
* Reauthentication support: The resource adapter provider must specify whether a resource adapter supports reauthentication of an existing physical connection.
* The matchManagedConnections method in ManagedConnectionFactory may return a matched ManagedConnection instance with the assumption that the ManagedConnection.getConnection method will later switch the security context through reauthentication.
* If reauthentication is successful, the resource adapter has changed the security context of the underlying ManagedConnection instance to that associated with the passed Subject instance.
Detailed description of the reauthentication process is described in section 9.1.9.
h2. Design
h2. Implementation
h2. Test suite
h3. Test client
1. Lookup connection factory / connection
2. Invoke connection with credential #1
3. Invoke connection with credential #2
should lead to success
h3. Resource adapter
* Reauthentication enabled
* Expose simple connection interface
* Configuration: Initially <min-pool-size> and <max-pool-size> should be set to 1
h3. Target system
* Allow a configured number of connections (java.net.Socket)
* Support Subject based security
* Support CRI based security
* Support reauthentication on existing connection
* Be able to run in-VM
Option #C and #A described in section 9.1.9 should be tested in that order.
Ideally the entire test suite setup can be included as an example in the user guide.
h2. JDBC
Some databases support reauthentication, so we need to provide a way to enable support in our JDBC resource adapter.
We can also provide plugins for the Open Source databases that supports this.
h2. Links
* http://jcp.org/en/jsr/detail?id=322 Java EE Connector Architecture 1.6
* https://issues.jboss.org/browse/JBJCA-94 JBJCA-94
* http://community.jboss.org/en/picketbox PicketBox user forum
* http://community.jboss.org/en/picketbox/dev PicketBox developer forum
* http://community.jboss.org/docs/DOC-10430 Old JCA pooling mechanims
* http://community.jboss.org/message/230163#230163 User thread
* https://issues.jboss.org/browse/JBAS-1429 JBAS-1429
--------------------------------------------------------------
Comment by going to Community
[http://community.jboss.org/docs/DOC-16434]
Create a new document in IronJacamar Development at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=102&containerType=14&container=2099]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-dev-forums/attachments/20110202/4ec1355a/attachment.html
More information about the jboss-dev-forums
mailing list