5 Replies Latest reply on May 19, 2008 10:13 PM by Anil Saldanha

    Security and JCA

    Adrian Brock Master

      I've just reinstated org.jboss.security.Util which is used by a JCA login module (PBE)
      that hadn't been ported to jboss-head.

      On a more general note:

      We've had this discussion on the jca forum and basically we don't understand
      why there are login modules in the connector project?

      All we want is to inject a Subject factory into the connection manager.

      So we should have is some kind of interface in jboss-integration/jca-spi
      (or maybe it should belong in a security integration spi?)

      public interface SubjectFactory
      {
       Subject getSubject();
      }
      


      None of jboss security specifc code (login modules, crypto calls, etc.)
      should be in the connector project at all.

      Can we get this fixed for JBoss5?

      The JCA login modules aren't exactly JCA specific. :-)
      They are things like login with a given identity or take it from the thread assocation, etc.