-
1. Re: SubjectAuthenticationService / ActorId from JAAS
camunda Dec 11, 2008 4:48 AM (in response to camunda) -
2. Re: SubjectAuthenticationService / ActorId from JAAS
heiko.braun Dec 11, 2008 5:01 AM (in response to camunda)I would say you fix the interface and provide noop's where applicable.
-
3. Re: SubjectAuthenticationService / ActorId from JAAS
heiko.braun Dec 11, 2008 5:02 AM (in response to camunda)... and provide a proper factory as well.
-
4. Re: SubjectAuthenticationService / ActorId from JAAS
camunda Dec 11, 2008 5:08 AM (in response to camunda)My feeling too.
Currently we started discussing around if it make sense at all to use the JAAS subject as actor. Collect pros and cons, since e.g. with asynchronous communication the JAAS-Subject is from the MDB, so somehow we should maybe "rescue" the actor-id from the first call over the JMS intermezzo... -
5. Re: SubjectAuthenticationService / ActorId from JAAS
heiko.braun Dec 11, 2008 5:15 AM (in response to camunda)yes, i have the same problem with the consoles.
another option would be a pluggable resolver, i.e:
(pseudo code)interface IdentityResolver { Identity resolve(Context ctx); }
Identity would then be an actor for instance,
and the context might be a JASS subject.
We could then provide a default resolver that delegates to JAAS. -
6. Re: SubjectAuthenticationService / ActorId from JAAS
kukeltje Dec 11, 2008 8:35 AM (in response to camunda)I support everything that makes it more pluggable (a real 'service') with factories etc... and a lot of cleanup needs to take place... old code etc...
Is this proposal for jBPM 3? -
7. Re: SubjectAuthenticationService / ActorId from JAAS
camunda Dec 11, 2008 11:54 AM (in response to camunda)I added the factory, introduced the "setActorId" in the interface and use the interface correctly in the JbpmContext now.
The remaining problem is: How to "transport" the jaas information "over" JMS. I don't get the idea, heiko. How should this IdentityResolver work? Doesn't the AuthenticationService already do what you propse?
We decided for adding the authenticated actor to the JMS message (via JmsMessageFactory) and log in again in the MDB by reading the credentials from the JMS message... -
8. Re: SubjectAuthenticationService / ActorId from JAAS
camunda Dec 11, 2008 12:23 PM (in response to camunda)Is this proposal for jBPM 3?
This code was "half baked" already there, and yes, it will be jbpm 3.3.1... -
9. Re: SubjectAuthenticationService / ActorId from JAAS
kukeltje Dec 11, 2008 4:33 PM (in response to camunda)We decided for adding the authenticated actor to the JMS message (via JmsMessageFactory) and log in again in the MDB by reading the credentials from the JMS message...
That is what I normally do as well.This code was "half baked" already there, and yes, it will be jbpm 3.3.1...
The identity module is, service wise, half baked anyway (no offence Tom). There is no real interface that someone else could implement etc, hard coded things etc... But I assume this is not corrected now ;-)
I'll check things out... tnx -
10. Re: SubjectAuthenticationService / ActorId from JAAS
camunda Dec 11, 2008 4:44 PM (in response to camunda)But I assume this is not corrected now ;-)
No, the changes doesn't have anything to do with the identity module... -
11. Re: SubjectAuthenticationService / ActorId from JAAS
heiko.braun Dec 12, 2008 3:17 AM (in response to camunda)The resolver was a response to this question:
does it make sense at all to use the JAAS subject as actor?
It didn't mean to answer the JMS problem -
12. Re: SubjectAuthenticationService / ActorId from JAAS
tom.baeyens Jan 16, 2009 5:21 AM (in response to camunda)"camunda" wrote:
Is this proposal for jBPM 3?
This code was "half baked" already there, and yes, it will be jbpm 3.3.1...
this is a correct interpretation.
i remember writing the code to see if it would be possible and to work out the idea. i also remember never using it. so your experience matches my memory of the situation.
good to know that you've included it in the 3 codebase so that we can port it if we need it in 4.