0 Replies Latest reply on Jun 24, 2006 12:45 PM by Anil Saldanha

    Security Configuration

    Anil Saldanha Master

      With the current Jaas based setup , we have the PolicyConfig as the holder of the configuration across application policies. But we still rely on javax.Security.auth.Configuration (XMLLoginImpl) since the Jaas framework works off of the Configuration static class.

      Now that our configuration should hold both authentication (jaas/jaspi) and authorization info, I am more inclined to use the PolicyConfig object directly because it has been parsed (and can be obtained through a jmx based service or injection in future).

      Options:
      a) Use the PolicyConfig object to query authentication (jaspi) as well as authorization config. [Jaas can use the default Configuration]
      or
      b) Build a SecurityConfiguration layer along the lines of Configuration

      Option b) does not make sense to me.

      Your thoughts/ideas?