Menu
▾
▴
[Jboss-dev-forums] [Design of Security on JBoss] - Re: Authorization framework
|
From: <sco...@jb...> - 2006-06-29 20:07:04
|
For reference, the jaas definitions of the control flag:
anonymous wrote :
| 1) Required - The LoginModule is required to succeed.
| If it succeeds or fails, authentication still continues
| to proceed down the LoginModule list.
|
| 2) Requisite - The LoginModule is required to succeed.
| If it succeeds, authentication continues down the
| LoginModule list. If it fails,
| control immediately returns to the application
| (authentication does not proceed down the
| LoginModule list).
|
| 3) Sufficient - The LoginModule is not required to
| succeed. If it does succeed, control immediately
| returns to the application (authentication does not
| proceed down the LoginModule list).
| If it fails, authentication continues down the
| LoginModule list.
|
| 4) Optional - The LoginModule is not required to
| succeed. If it succeeds or fails,
| authentication still continues to proceed down the
| LoginModule list.
|
Those tests results look correct. We need to test with sufficient at the start:
| result = getResult("sufficient-permit-required-deny-policy");
| assertTrue("PERMIT?", AuthorizationContext.PERMIT == result);
| result = getResult("sufficient-permit-sufficient-deny-policy");
| assertTrue("PERMIT?", AuthorizationContext.PERMIT == result);
| result = getResult("optional-deny-sufficient-permit-required-deny-policy");
| assertTrue("PERMIT?", AuthorizationContext.PERMIT == result);
|
and that if nothing deterministically succeeds that we deny:
| result = getResult("sufficient-deny-optional-deny-policy");
| assertTrue("DENY?", AuthorizationContext.DENY == result);
|
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3954501#3954501
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3954501
|
