[jboss-jira] [JBoss JIRA] Commented: (AS7-1622) Security Vault for attributes
Anil Saldhana (JIRA)
jira-events at lists.jboss.org
Wed Aug 31 15:10:26 EDT 2011
[ https://issues.jboss.org/browse/AS7-1622?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12625562#comment-12625562 ]
Anil Saldhana commented on AS7-1622:
------------------------------------
===========
Security Vault:
http://anonsvn.jboss.org/repos/picketbox/trunk/security-spi/spi/src/main/java/org/jboss/security/vault/SecurityVault.java
Vault Factory:
http://anonsvn.jboss.org/repos/picketbox/trunk/security-spi/spi/src/main/java/org/jboss/security/vault/SecurityVaultFactory.java
Default Implementation:
http://anonsvn.jboss.org/repos/picketbox/trunk/security-jboss-sx/jbosssx/src/main/java/org/picketbox/plugins/vault/PicketBoxSecurityVault.java
Basically, I am envisioning a vault element in the security domain model where users can configure their pet vault implementation from 3rd party ISVs. One of the usecases was to have full AES encryption for passwords in EAP. That is something 3rd party vendors should provide for EAP. But this vault concept allows us to provide that feature.
Here is the test I wrote:
http://anonsvn.jboss.org/repos/picketbox/trunk/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/security/vault/SecurityVaultUnitTestCase.java
The user will be configuring a keystore whose password will be masked. That is the weak link. Rest all is AES encrypted.
==============
> Security Vault for attributes
> -----------------------------
>
> Key: AS7-1622
> URL: https://issues.jboss.org/browse/AS7-1622
> Project: Application Server 7
> Issue Type: Feature Request
> Components: Security
> Reporter: Anil Saldhana
> Assignee: Anil Saldhana
> Fix For: 7.1.0.Beta1
>
>
> Introduce a vault for security attributes. Password is also an attribute.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list