[jboss-jira] [JBoss JIRA] (ELY-320) Potential simplification of FileSystemSecurityRealm
David Lloyd (JIRA)
issues at jboss.org
Thu Oct 8 08:04:00 EDT 2015
[ https://issues.jboss.org/browse/ELY-320?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Lloyd reassigned ELY-320:
-------------------------------
Assignee: David Lloyd
> Potential simplification of FileSystemSecurityRealm
> ---------------------------------------------------
>
> Key: ELY-320
> URL: https://issues.jboss.org/browse/ELY-320
> Project: WildFly Elytron
> Issue Type: Enhancement
> Components: Realms
> Reporter: David Lloyd
> Assignee: David Lloyd
>
> An offhand comment by [~dlofthouse] got me thinking about a possibly major simplification and improvement to the file system realm.
> Right now it uses XML to store the identity and all its credentials; this is fairly complex and also not very secure.
> As an alternative approach, the realm could be rewritten to store each identity in two parts: authentication information and authorization information. The authentication information could consist of a KeyStore (probably an org.wildfly.security.keystore.WrappingPasswordKeyStore which could be enhanced to support modular crypt or another general format of password), whose aliases correspond to credential names. The authorization information could simply be a properties file which is loaded in to become Attributes. Recent identities could be cached for efficiency.
> This would massively simplify the realm implementation, and also improve the security of the stored credentials.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)