Everything has got its own deadline including one's EGO!
[CodeBarn] [Java Concepts-easily] [Corey's articles] [SCJP-SUN] [Servlet Examples] [Java Beginners FAQ] [Sun-Java Tutorials] [Java Coding Guidelines]
Originally posted by Raghavan Muthu:
Great work Rahul. Welcome back!
Originally posted by Dennis M Kavanagh:
Is JAAS suitable for working with PKI?
Originally posted by Raghavan Muthu:
I have gone through the article. I have a few clarifications.
rahul: If your requirement does not get fulfilled by any of the available callbacks, then you might want to create one of your own by implementing the Callback interface.
raghavan: Does the JAAS configuration file have some syntax that should be followed?
apigee, a better way to API!
Nitesh Kant: Just to mention, this will require a change in the CallbackHandler too!
it can read the file to create a javax.security.auth.login.Configuration object and set it as the installed configuration object using the static method javax.security.auth.login.Configuration.setConfiguration().
Why do you think that even after a required module failure, the authentication continues to the next login modules (if any)?
Rahul: I could not find any formal documentation for writing a custom JAAS configuration, but the source of the class com.sun.security.auth.login.ConfigFile.java (default config provider) seems to me like a good starting point.
Originally posted by Nitesh Kant:
Well, so to say, it can be any file. An xml file, xls file, a database table!
rahul: You got me wrong. My bad for the misleading statement.
rahul: I will not go with an XLS for storing such information.
Originally posted by Nitesh Kant:
Hey Rahul,
I have a question regarding the login module control flags.
Why do you think that even after a required module failure, the authentication continues to the next login modules (if any)?
The argument is that the overall result of the authentication will be a failure, as a required module is required to succeed. Since the result is a failure, abort() will be called for all the login modules and ideally the authentication result must be cleaned by different modules from the subject.
So, at the end of the authentication none of the results of the modules executed after the failure of required module will be available. Then, what is the need of executing them at all!
P.S.: I agree that the rules of the control flags are the same as you have mentioned.
Originally posted by Amit Kumargupta:
What happens if I add some more principals to the subject after the completion of the login process?
Originally posted by Rahul Bhattacharjee:
You might want to call setReadOnly() on the Subject, to make that unmodifiable.
Originally posted by Amit Kumargupta:
If I have some more login modules in that stack, after the subject is made read-only will it be possible to set it to read-write mode again?
Originally posted by Nitesh Kant:
Hi Joel,
Please do not hijack a thread for a different question (DontHijack).
This thread was to discuss the new journal article.
Request you to post this question as a new thread in the Security forum.
Rahul:
You might want to have a separate login module for making the subject read-only (make the subject read-only in the commit method of that login module), if the overall login process passes, and put that entry at the end of the login module stack.
Originally posted by Nitesh Kant:
Mmm, how about making the subject read-only after the login call is over?
Rahul: And how would you know that the call is over?
Rahul:
The very purpose of having a configuration file is that at installation time of the application the installer can modify (add, remove or change the respective position of the login module in the stack) the configuration file for that site.
What happens if he puts any other login module after the login module that makes the subject read-only?
You might want to have a separate login module for making the subject read-only (make the subject read-only in the commit method of that login module), if the overall login process passes, and put that entry at the end of the login module stack.
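The approach discussed in the thread (a final login module that calls setReadOnly() in commit(), with the stack supplied through Configuration.setConfiguration()), as an added example that is not code from the article or from any poster. The class names SealedSubjectDemo, DemoAuthModule and SealSubjectModule, the application name "demo" and the principal names are constructed for illustration.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.*;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.spi.LoginModule;
import javax.security.auth.x500.X500Principal;

public class SealedSubjectDemo {
    /** Constructed stand-in for a real authenticating module; always succeeds. */
    public static class DemoAuthModule implements LoginModule {
        protected Subject subject;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) { subject = s; }
        public boolean login() { return true; }
        public boolean commit() { subject.getPrincipals().add(new X500Principal("CN=demo-user")); return true; }
        public boolean abort() { return true; }
        public boolean logout() { return true; }
    }

    /** Adds no identity; it only freezes the Subject once the stack has committed. */
    public static class SealSubjectModule extends DemoAuthModule {
        @Override public boolean login() { return false; }  // "ignore me": never counts towards success
        @Override public boolean commit() { subject.setReadOnly(); return true; }
    }

    /** Installs a programmatic Configuration (no config file) and runs the two-module stack. */
    public static Subject loginAndSeal() throws LoginException {
        Configuration.setConfiguration(new Configuration() {
            @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                Map<String, Object> none = new HashMap<>();
                return new AppConfigurationEntry[] {
                    new AppConfigurationEntry(DemoAuthModule.class.getName(), LoginModuleControlFlag.REQUIRED, none),
                    // Must stay last: commit() runs in stack order, so a module placed after
                    // this one would fail when it tries to add its principals.
                    new AppConfigurationEntry(SealSubjectModule.class.getName(), LoginModuleControlFlag.OPTIONAL, none) };
            }
        });
        LoginContext lc = new LoginContext("demo");
        lc.login();  // commit() is only invoked when the overall authentication succeeded
        return lc.getSubject();
    }

    public static void main(String[] args) throws LoginException {
        Subject s = loginAndSeal();
        System.out.println("read-only=" + s.isReadOnly() + " principals=" + s.getPrincipals());
        try {
            s.getPrincipals().add(new X500Principal("CN=added-later"));
        } catch (IllegalStateException e) {  // Subject has no call that undoes setReadOnly()
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Because the sealing module's login() returns false, it is ignored when the control flags are evaluated, so it cannot turn a failed stack into a successful one.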