[jboss-jira] [JBoss JIRA] (WFLY-1067) Integrate JGroups with core AS security infrastructure

Richard Achmatowicz (JIRA) issues at jboss.org
Mon Sep 29 11:33:03 EDT 2014 

    [ https://issues.jboss.org/browse/WFLY-1067?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13006943#comment-13006943 ] 

Richard Achmatowicz commented on WFLY-1067:
-------------------------------------------

At the clustering meeting last week, given that there are now three possible security protocol layers, we proposed introducing a new child-type:

{noformat}                
<stack name="udp">
  <transport type="UDP" socket-binding="jgroups-udp"/>
  <protocol type="PING"/>
  <protocol type="MERGE3"/>
  <protocol type="FD_SOCK" socket-binding="jgroups-udp-fd"/>
  <protocol type="FD_ALL"/>
  <protocol type="VERIFY_SUSPECT"/>
  <protocol type="pbcast.NAKACK2"/>
  <protocol type="UNICAST3"/>
  <protocol type="pbcast.STABLE"/>
  <security-protocol type="AUTH" mech="DIGEST" realm="JGroupsRealm"/>
  <security-protocol type="ENCRYPT" mech="Client-CERT" realm="JGroupsRealm"/>
  <protocol type="pbcast.GMS"/>
  <protocol type="UFC"/>
  <protocol type="MFC"/>
  <protocol type="FRAG2"/>
  <protocol type="RSVP"/>
 </stack>
{noformat}

In the case of providing a secret key to TP for probe, a realm attribute could be added to the transport child to handle that case.
If there were further configuration required for any security protocol which was not made available via the realm, this could be provided as properties as usual.
 

> Integrate JGroups with core AS security infrastructure
> ------------------------------------------------------
>
>                 Key: WFLY-1067
>                 URL: https://issues.jboss.org/browse/WFLY-1067
>             Project: WildFly
>          Issue Type: Feature Request
>          Components: Clustering, Security
>            Reporter: Brian Stansberry
>            Assignee: Richard Achmatowicz
>
> Container task for better integrating JGroups security with overall AS security. The basic concept is the various security aware aspects of JGroups will expose an SPI, and the AS can create implementations of those SPIs that integrate with the AS security realms. The AS JGroups subsystem will inject the implementation into the JGroups runtime components.
> Subtasks are for the various aspects. These can be done separately but a common overall design should be created to ensure a consistent approach is taken.



--
This message was sent by Atlassian JIRA
(v6.3.1#6329)

More information about the jboss-jira mailing list