1. Re: Licensing Question for Custom Login Module
starksm64 Aug 12, 2004 12:07 PM (in response to bdbogg)
The LGPL license kicks in if you are redistributing jboss. If you're not, the mods are irrelevant. If you are, the derived login module source should be made available under LGPL license. This can be done most simply by supplying the code as a patch to the sourceforge jboss project. If you can't do this, then you would need to create your own implementation that achieves the required encryption semantics.
-
2. Re: Licensing Question for Custom Login Module
bdbogg Aug 25, 2004 11:49 AM (in response to bdbogg)
I just want to clarify to make sure... if I were to write a login module that extended one of the JBoss login modules (such as the AbstractServerLoginModule) and distribute this with a commercial application, the mods would need to be made available under LGPL. But if I were to write a login module, simply extending the javax.security.auth.spi.LoginModule interface, and distribute this with a commercial application (i.e., application hosted by JBoss, and configured in JBoss to use the login module), there would be no need to make this change/addition available?
Thanks.
-
3. Re: Licensing Question for Custom Login Module
starksm64 Aug 25, 2004 1:10 PM (in response to bdbogg)
You did not say you were extending AbstractServerLoginModule in the first post. You said you were copying the SecureIdentityLoginModule and possibly modifying that. If you just link against jboss code by extending it in the java class sense, this is not creating a derived work which requires your login module code to be subject to the LGPL. If you copy the SecureIdentityLoginModule or make non-trivial use of its code in your login module, you are creating a derived work that is subject to the LGPL license.
-
4. Re: Licensing Question for Custom Login Module
bdbogg Aug 30, 2004 11:37 AM (in response to bdbogg)
FYI, for those interested: I ended up writing my own login module (really just a working skeleton right now) which simply extends ConfiguredIdentityLoginModule. It overrides the initialize method to perform decryption of the password, etc., as necessary. Here's the gist of what I have, as an example:
Java Source:

    package mypackage;

    import javax.security.auth.Subject;
    import javax.security.auth.callback.CallbackHandler;
    import java.util.Map;
    import java.util.HashMap;
    import java.util.Collections;
    import org.jboss.resource.security.ConfiguredIdentityLoginModule;

    /**
     * Extends the functionality of the JBoss ConfiguredIdentityLoginModule.
     * Provides the ability to decrypt the principal, userName, and password.
     */
    public class EncryptedConfiguredIdentityLoginModule extends ConfiguredIdentityLoginModule
    {
        public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
        {
            // Each "encryptedXxx" option is a true/false flag saying whether the
            // matching option value is stored encrypted in login-config.xml.
            String encryptedPrincipal = (String)options.get("encryptedPrincipal");
            String encryptedUserName = (String)options.get("encryptedUserName");
            String encryptedPassword = (String)options.get("encryptedPassword");

            // Boolean.valueOf(null) is false, so a missing flag means "not encrypted".
            boolean encryptPrincipal = Boolean.valueOf(encryptedPrincipal).booleanValue();
            boolean encryptUserName = Boolean.valueOf(encryptedUserName).booleanValue();
            boolean encryptPassword = Boolean.valueOf(encryptedPassword).booleanValue();

            // Work on a copy so the caller's options map is left untouched.
            HashMap newOptions = new HashMap(options.size());
            newOptions.putAll(options);

            if (encryptPrincipal) {
                String principal = (String)newOptions.get("principal");
                if (principal != null) {
                    principal = decrypt(principal);
                    newOptions.put("principal", principal);
                }
            }

            if (encryptUserName) {
                String userName = (String)newOptions.get("userName");
                if (userName != null) {
                    userName = decrypt(userName);
                    newOptions.put("userName", userName);
                }
            }

            if (encryptPassword) {
                String password = (String)newOptions.get("password");
                if (password != null) {
                    password = decrypt(password);
                    newOptions.put("password", password);
                }
            }

            // Hand the decrypted values to the parent module as read-only options.
            Map opts = Collections.unmodifiableMap(newOptions);
            super.initialize(subject, callbackHandler, sharedState, opts);
        }

        private String decrypt(String s)
        {
            // TODO: perform decryption
            // Note: could make this class and this method abstract;
            // then specific subclasses could perform various methods of decryption as needed
            return s;
        }
    }
login-config.xml excerpt:

    <application-policy name = "TestRealm">
        <authentication>
            <login-module code = "mypackage.EncryptedConfiguredIdentityLoginModule" flag = "required">
                <module-option name = "encryptedPrincipal">true</module-option>
                <module-option name = "principal">myprincipal</module-option>
                <module-option name = "encryptedUserName">true</module-option>
                <module-option name = "userName">myuser</module-option>
                <module-option name = "encryptedPassword">true</module-option>
                <module-option name = "password">mypassword</module-option>
                <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=jdbc/MyDS</module-option>
            </login-module>
        </authentication>
    </application-policy>
mssql-ds.xml excerpt:

    <local-tx-datasource>
        <jndi-name>jdbc/MyDS</jndi-name>
        <connection-url>jdbc:microsoft:sqlserver://localhost:1433;SelectMethod=cursor;DatabaseName=mydatabase</connection-url>
        <driver-class>com.microsoft.jdbc.sqlserver.SQLServerDriver</driver-class>
        <security-domain>TestRealm</security-domain>
        <min-pool-size>0</min-pool-size>
        <max-pool-size>20</max-pool-size>
        <blocking-timeout-millis>60000</blocking-timeout-millis>
        <idle-timeout-minutes>15</idle-timeout-minutes>
    </local-tx-datasource>
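
An added example, not part of the original post and not JBoss code: one way to fill in the `decrypt` stub of the skeleton above with AES-GCM from the JDK (Java 8 or later), so that an altered option value is rejected instead of silently decrypting to garbage. The class name `OptionCipher`, the key-file loader and the `IV || ciphertext+tag` layout are assumptions made for illustration.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

/** Hypothetical helper (not JBoss code): AES-GCM codec for module-option values. */
public final class OptionCipher {
    private static final int IV_LEN = 12, TAG_BITS = 128;
    private final SecretKeySpec key;

    public OptionCipher(byte[] rawKey) { key = new SecretKeySpec(rawKey, "AES"); }

    /** Assumption: the 16- or 32-byte key sits in a file only the server account can read. */
    public static OptionCipher fromKeyFile(String path) throws Exception {
        return new OptionCipher(Files.readAllBytes(Paths.get(path)));
    }

    /** Run offline to produce the Base64 value stored in login-config.xml. */
    public String encrypt(String plain) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);                   // fresh IV for every value
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, IV_LEN + ct.length); // layout: IV || ciphertext+tag
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    /** Body for the module's decrypt(String); throws if the stored value was altered. */
    public String decrypt(String b64) throws Exception {
        byte[] in = Base64.getDecoder().decode(b64);
        if (in.length < IV_LEN + TAG_BITS / 8) throw new IllegalArgumentException("value too short");
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, in, 0, IV_LEN));
        return new String(c.doFinal(in, IV_LEN, in.length - IV_LEN), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        OptionCipher oc = new OptionCipher(new byte[16]);   // constructed all-zero demo key
        String stored = oc.encrypt("mypassword");           // sample value from the excerpt
        System.out.println(stored + " -> " + oc.decrypt(stored));
        char flipped = stored.charAt(20) == 'A' ? 'B' : 'A'; // alter one ciphertext character
        String tampered = stored.substring(0, 20) + flipped + stored.substring(21);
        try { oc.decrypt(tampered); } catch (AEADBadTagException e) { System.out.println("tamper detected"); }
    }
}
```

Where the key is kept decides what this buys: a key stored beside login-config.xml or compiled into the module only hides the password from casual reading.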