After fighting with container managed security to get true single-signon (not just container wide signon), I have decided I need to roll my own. Below is a *quick* overview of a working system I have, but one which I feel has some potential, pending input from the wider community.

-------------
The basic idea is to provide an authentication service to login and logout.
This service will be built on HiveMind using Jaas, and can be thought of as "Jaas Authentication for Tapestry", but could work for any HiveMind (or IoC) based application.

There are two main services: a CallbackHandlerService, and an AuthenticationService, along with a handful of services that implement CallbackHandler.

The CallbackHandlerService is the CallbackHandler instance used in creating a new Jaas LoginContext instance. It dispatches Callbacks to an appropriate CallbackHandler service, which are registered with it via a HiveMind contribution point. These delegate CallbackHandlers can be injected with any information they need, allowing any number of ways to get the authentication data into the Jaas LoginModules.

The AuthenticationService is mostly a wrapper around a LoginContext, but also handles any extra authentication tasks, such as storing the Subject where the application server will find and use it. Since the aforementioned CallbackHandler services should know how to get the information needed, the application need only call authenticationService.login(), and wait for the result.
-----------

While I know there are many views on what the best way to handle authentication and authorization is, I like Jaas, and feel that this type of system keeps things flexible.

Thx for the input,
--Ryan
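
The two services described in the message above, as an added Java example that is not the poster's code. The class names, the map-based registry standing in for the HiveMind contribution point, and the `configEntry` login-configuration name are assumptions.

```java
import java.io.IOException;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;

// Hypothetical name: plays the role the message gives the CallbackHandlerService.
final class DispatchingCallbackHandler implements CallbackHandler {
    // Stand-in for the HiveMind contribution point: callback type -> delegate.
    private final Map<Class<? extends Callback>, CallbackHandler> delegates = new LinkedHashMap<>();
    void register(Class<? extends Callback> type, CallbackHandler delegate) { delegates.put(type, delegate); }

    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            CallbackHandler delegate = null;
            for (Map.Entry<Class<? extends Callback>, CallbackHandler> e : delegates.entrySet()) {
                if (e.getKey().isInstance(cb)) { delegate = e.getValue(); break; }
            }
            // Fail closed: a callback nobody answers must abort the login,
            // not reach the LoginModule with an empty name or password.
            if (delegate == null) throw new UnsupportedCallbackException(cb, "no delegate registered");
            delegate.handle(new Callback[] { cb });
        }
    }
}

// Hypothetical name: the thin LoginContext wrapper the message calls AuthenticationService.
// Assumes one instance per user session, since it keeps that user's LoginContext.
final class AuthenticationService {
    private final String configEntry;   // assumed entry name in the JAAS login configuration
    private final CallbackHandler handler;
    private LoginContext context;

    AuthenticationService(String configEntry, CallbackHandler handler) {
        this.configEntry = configEntry;
        this.handler = handler;
    }

    Subject login() throws LoginException {
        LoginContext lc = new LoginContext(configEntry, handler);
        lc.login();                     // throws LoginException if authentication fails
        context = lc;                   // keep only a context that actually authenticated
        return lc.getSubject();
    }

    void logout() throws LoginException {
        if (context != null) context.logout();
        context = null;
    }
}
```

Delegates registered for `NameCallback` and `PasswordCallback` would pull their values from wherever the application holds them (request, session, injected service); placing the returned Subject where the application server expects it is container-specific and left out here.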

