Menu
▾
▴
[Jboss-dev-forums] [Design of Security on JBoss] - Re: Generalizing the JACC service
|
From: <sco...@jb...> - 2005-09-20 17:56:43
|
The ProtectionDomain is not a legacy api. It just happens that today the CodeSource is not used by the current JAAC policy implementation. It certainly will be usable in the future, and this is the way most people configure their java2 security policies. "zumrani" wrote : | From that perspective a null PD could mean that the container should get one for the application. Without container finding the identity, the application will be forced to create a dummy PD containing Principal[] from the PolicyContext. Though it is possible, but from the application's perspective it is cumbersome to do do. Hence I feel that if PD is null then the JACC layer should find the appropriate Identity/Subject. | Its wrong to consider that the application is being forced to determine the caller identity. JACC is an authorization contract, not authentication. If you are not leveraging the current caller information established by the container, you are replacing this and as such, assuming the role of determining the authenticated identity. The only question here is whether there should be an application pluggable policy for mapping an unauthenticated caller to a particular PD. The JAAS login modules already have a notion of unauthenticatedIdentity, and if a secured resource is hit, this identity will be established. You really need to describe exactly what the context of the null identity is as it seems to me that you are wanting a caller identity even in the context of accessing an unsecured resource. This is an ambiguous part of the servlet security contract and tomcat does not call out to its Realm to trigger any identity authentication for such a resource. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3895845#3895845 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3895845 |
