Hi Matt,
Thanks for comments. A couple of follow ups.
Matt Flaherty wrote:
Hmmm... Looks like CDC/Foundation
does
not include the javax.security.auth.* packages. I'm not sure if a JAAS
implementation could be dropped on top of it, but I wouldn't be
surprised
if it could. JAAS is pretty thin.
With respect to a LoginModule for
3.4,
I expect we will develop several (or explain how to use those in a
typical
JRE). The default configuration will probably work with a standard
format
JKS/JCEKS stored in an appropriate place for the platform (workspace,
etc).
It would be good to make these login modules extensible (via extension
point perhaps) so that other bundles (e.g. ECF) can hook into login
process of an existing app that uses these login modules (e.g. Eclipse)
and (e.g.) add principals and/or credentials to Subject during login or
commit and prior to setReadOnly(). If you like, I can/could create an
enhancement request for this...let me know. I also could help with
some of the programming for such a thing if desired.
Scott
|
