Uploaded image for project: 'Application Server 3 4 5 and 6'
  1. Application Server 3 4 5 and 6
  2. JBAS-2602

Next Generation Security Manager Service

XMLWordPrintable

    • Icon: Task Task
    • Resolution: Done
    • Icon: Major Major
    • JBossAS-5.1.0.Beta1
    • JBossAS-5.0.0.CR2
    • Security
    • None

      The current JaasSecurityManagerService is based on Jaas.

      A new securitymanager service needs to be implemented that considers authentication, authorization and caching along with support for federation. The identity holder should be a custom holder that removes the inflexibility provided by javax.security.auth.Subject, while considering various tokens as Principals (used in federation).

      Currently,
      JaasSecurityManager implements AuthenticationManager, RealmMapping

      The new security service can be
      JBossSecurityManager implements AuthenticationManager, RealmMapping

      Forum References:
      Generalizing the JAAS and JACC service: http://www.jboss.com/index.html?module=bb&op=viewtopic&t=72264
      Flush security domain cache on sessionInvalidation : http://www.jboss.com/index.html?module=bb&op=viewtopic&t=73025
      Generic JBossWeb Authentication Framework : http://www.jboss.com/index.html?module=bb&op=viewtopic&t=73020
      Federated Identity : http://www.jboss.com/index.html?module=bb&op=viewtopic&t=72633

              anil.saldhana Anil Saldanha (Inactive)
              anil.saldhana Anil Saldanha (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: