[jboss-jira] [JBoss JIRA] Assigned: (JBAS-5096) Security Association with Virtual Hosts

Remy Maucherat (JIRA) jira-events at lists.jboss.org
Fri Dec 21 11:02:46 EST 2007 

     [ http://jira.jboss.com/jira/browse/JBAS-5096?page=all ]

Remy Maucherat reassigned JBAS-5096:
------------------------------------

    Assignee: Anil Saldhana  (was: Remy Maucherat)

Forward to Anil to look at. I think 4.2 is frozen, however.

> Security Association with Virtual Hosts
> ---------------------------------------
>
>                 Key: JBAS-5096
>                 URL: http://jira.jboss.com/jira/browse/JBAS-5096
>             Project: JBoss Application Server
>          Issue Type: Feature Request
>      Security Level: Public(Everyone can see) 
>          Components: Web (Tomcat) service
>    Affects Versions: JBossAS-4.2.2.GA
>            Reporter: Andrew Oliver
>         Assigned To: Anil Saldhana
>
> At present jboss-web takes one security-domain and potentially many virtual-host configurations such that one webapp is deployed to many virtual hosts with the same security domain. For websites with multiple regions, it often makes sense to use DIFFERENT security domains for each virtual host.
> Today we can have only
> jboss-web
>   security-association
>   virtual-host
> Ideally we could have
> jboss-web
>   virtual-host
>      security-association
>   virtual-host
>      security-association
> Or:
> jboss-web
>   security-association
>   virtual-host
>      security-association
>   virtual-host
>      security-association
> where the virtual host security-associations would override the parent.
> In tomcat/src/main/org/jboss/web/tomcat/service/TomcatDeployer.xml the performDeployInternal happens ALREADY for each hostname. At present it uses ONE SecurityAssociationValve for all virtual hosts and the securityassociationvalve is configured with the metaData.getSecurityDomain(). This could instead be a seperate SecurityAssociationValve for each host with the securitydomain as an argument (used to flush the authentication cache). Elsewhere, the ENC/security/security-domain is used. This instead could be the ENC/security/vhost/security-domain or securityMgr (they ultimately are the same thing in server/src/main/org/jboss/web/AbstractWebDeployer).
> The trickiest piece isn't the server code, this would require some refactoring but doing the descriptor in an adequate but backward compatible way. <virtual-host>hostname</virtual-host> becomes <virtual-host>xxx</virtual-host><security-domain>domain</security-domain> or something like that. Ideally it would be <virtual-host>xxx<security-domain>xxx</security-domain></virtual-host> for clarity.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list