[jboss-jira] [JBoss JIRA] (ELY-320) Potential simplification of FileSystemSecurityRealm

David Lloyd (JIRA) issues at jboss.org
Wed Oct 7 10:32:00 EDT 2015


David Lloyd created ELY-320:
-------------------------------

             Summary: Potential simplification of FileSystemSecurityRealm
                 Key: ELY-320
                 URL: https://issues.jboss.org/browse/ELY-320
             Project: WildFly Elytron
          Issue Type: Enhancement
          Components: Realms
            Reporter: David Lloyd


An offhand comment by [~dlofthouse] got me thinking about a possibly major simplification and improvement to the file system realm.

Right now it uses XML to store the identity and all its credentials; this is fairly complex and also not very secure.

As an alternative approach, the realm could be rewritten to store each identity in two parts: authentication information and authorization information.  The authentication information could consist of a KeyStore (probably an org.wildfly.security.keystore.WrappingPasswordKeyStore which could be enhanced to support modular crypt or another general format of password), whose aliases correspond to credential names.  The authorization information could simply be a properties file which is loaded in to become Attributes.  Recent identities could be cached for efficiency.

This would massively simplify the realm implementation, and also improve the security of the stored credentials.




--
This message was sent by Atlassian JIRA
(v6.4.11#64026)

