[jboss-user] [Security & JAAS/JBoss] - Re: Jboss SSO Web Application
sohil.shah@jboss.com
do-not-reply at jboss.com
Sat Nov 4 10:09:57 EST 2006
Hi Sohil
Maybe I am wrong, but I have a few suggestions.
As a user I write my own LoginModule compliant with JAAS (a class extending AbstractServerLoginModule).
We all are familiar with JAAS and we know what methods body should we for Authentication. Even if we use LoginProvider inside the JAAS module,
the login() method makes sense, and from the JAAS class login method we can call the LoginProvider login method, but again, like in my application, I need more params for the user to log in. However, the login method in LoginProvider takes only username and password arguments. I can always concatenate other params and send them as the username, but still, as a user I won't feel comfortable about it.
Similarly, readAllRoles makes sense and can be linked with readRoleSets of JBoss.
But about the other methods of LoginModule, like exists and read, where should we hook in these methods with our custom JAAS code?
There should be more explanation about this.
The other thing is Identity: it is defined as a class with fixed getters and setters, and there is a possibility that the user needs more or fewer getters and setters. Like in normal JAAS, we just return a Principal object.
Maybe my understanding here is wrong, but this is what came to my mind and I thought that I should share it with you. Please do not think that I am complaining. All you JBoss guys are great, and as a user of your products I am always thankful for all the efforts and contributions of the JBoss teams for the industry.
Thanks again for your help
Regards
Nipun
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3983222#3983222
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3983222