[jboss-jira] [JBoss JIRA] (ELY-320) Potential simplification of FileSystemSecurityRealm
David Lloyd (JIRA)
issues at jboss.org
Wed Nov 18 08:02:00 EST 2015
[ https://issues.jboss.org/browse/ELY-320?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Lloyd resolved ELY-320.
-----------------------------
Resolution: Rejected
I think that now that we've removed credential names, the existing implementation is probably fine.
> Potential simplification of FileSystemSecurityRealm
> ---------------------------------------------------
>
> Key: ELY-320
> URL: https://issues.jboss.org/browse/ELY-320
> Project: WildFly Elytron
> Issue Type: Enhancement
> Components: Realms
> Reporter: David Lloyd
> Assignee: David Lloyd
>
> An offhand comment by [~dlofthouse] got me thinking about a possibly major simplification and improvement to the file system realm.
> Right now it uses XML to store the identity and all its credentials; this is fairly complex and also not very secure.
> As an alternative approach, the realm could be rewritten to store each identity in two parts: authentication information and authorization information. The authentication information could consist of a KeyStore (probably an org.wildfly.security.keystore.WrappingPasswordKeyStore which could be enhanced to support modular crypt or another general format of password), whose aliases correspond to credential names. The authorization information could simply be a properties file which is loaded in to become Attributes. Recent identities could be cached for efficiency.
> This would massively simplify the realm implementation, and also improve the security of the stored credentials.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)