5 Replies Latest reply on May 19, 2008 10:13 PM by anil.saldhana

    Security and JCA

    adrian.brock Apr 1, 2008 6:43 AM

      I've just reinstated org.jboss.security.Util which is used by a JCA login module (PBE)
      that hadn't been ported to jboss-head.

      On a more general note:

      We've had this discussion on the jca forum and basically we don't understand
      why there are login modules in the connector project?

      All we want is to inject a Subject factory into the connection manager.

      So we should have is some kind of interface in jboss-integration/jca-spi
      (or maybe it should belong in a security integration spi?)

      public interface SubjectFactory
{
 Subject getSubject();
}


      None of jboss security specifc code (login modules, crypto calls, etc.)
      should be in the connector project at all.

      Can we get this fixed for JBoss5?

      The JCA login modules aren't exactly JCA specific. :-)
      They are things like login with a given identity or take it from the thread assocation, etc.

      • 6112 Views
      • Tags:
        • 1. Re: Security and JCA
          anil.saldhana
          anil.saldhana Apr 1, 2008 10:16 AM (in response to adrian.brock)

          There were multiple Util classes in the security project and I renamed a few. I think the one you are affected is renamed to CryptoUtil.

          I did create a JBAS issue to get the JCA security integration fixed for AS5 some time ago. Let me get the jira issue for you.

            • Actions
          • 2. Re: Security and JCA
            anil.saldhana
            anil.saldhana Apr 1, 2008 6:34 PM (in response to adrian.brock)

            http://jira.jboss.org/jira/browse/JBAS-5362

            We will get this fixed asap.

              • Actions
            • 3. Re: Security and JCA
              anil.saldhana
              anil.saldhana Apr 4, 2008 6:05 PM (in response to adrian.brock)

              Stefan, we need to be careful with what dependencies we bring in to jbosssx project.

              (5:02:30 PM) anil: stefan
(5:02:39 PM) anil: we need to remove the jboss-jmx
(5:02:42 PM) anil: dependency
(5:02:51 PM) anil: find out what is creating that dependency
(5:03:01 PM) anil: and isolate that functionality if possible
(5:03:06 PM) anil: we can add that to AS5/security


                • Actions
              • 4. Re: Security and JCA
                anil.saldhana
                anil.saldhana Apr 22, 2008 12:38 AM (in response to adrian.brock)

                With Security 2.0.2.Beta6, we have moved the JCA login modules out of the connector module into security library namely JBossSX.jar. It is also part of the jbosssx-client.jar which gets fed into jbossall-client.jar

                  • Actions
                • 5. Re: Security and JCA
                  anil.saldhana
                  anil.saldhana May 19, 2008 10:13 PM (in response to adrian.brock)

                  Adrian, I think I have fixes for the JCA layer now. I need to test a bit and check it in this week.

                  * We inject a security domain name (this is as before) as well as a SubjectFactory instance into the connection mgr. The SubjectFactory implementation provides the subject to the connection manager. All the internal details such as getting the principal/cred etc are hidden from the jca layer.
                  * I am retaining the setJaasSecurityMgrService(ObjectName) and getJaasSecurityMgrService() methods for backwards compatibility (or should I just remove them?)

                    • Actions