glassfish
GLASSFISH-3806

realm-name should not be used for security auth realm

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 9.1pe
    • Fix Version/s: not determined
    • Component/s: security
    • Labels:
      None
    • Environment:

      Operating System: All
      Platform: Linux

    • Issuezilla Id:
      3,806

      Description

      <!-- The realm name element specifies the realm name to use in HTTP Basic
      authorization. Used in : login-config. -->
      The following is my understanding of the use of realm-name under login-config in
      web.xml. It is to be used as a logical entity to group users when requesting
      the client to authenticate.

      <auth-realm classname="class name" name="jdbc_Digest_Realm_Name">

      The information is also being used in GlassFish to map to the actual realm name of
      the auth-method.

      element from domain.xml
      <auth-realm classname="com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm"
      name="sun.com">

      element from web.xml

      <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>sun.com</realm-name>
      </login-config>

      Use of realm-name under login-config to map to the name attribute under auth-realm
      is not right and we should have a different way to configure backends
      (JDBC/LDAP etc.) for an app.

      This also confuses developers using NetBeans, as the realm name is enabled only for
      BASIC authentication, so they have to edit the XML manually to enter the realm
      name.

      This may break backward compatibility.
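
The coupling described above, shown as an added example (not GlassFish code and not written by the reporter): a small Python check that resolves the realm-name in a web.xml login-config against the auth-realm names in domain.xml. The function names and the simplified sample XML documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def _local(tag):
    """Strip an XML namespace prefix such as '{http://...}realm-name'."""
    return tag.rsplit("}", 1)[-1]

def _find_all(root, name):
    return [el for el in root.iter() if _local(el.tag) == name]

def configured_realms(domain_xml):
    """Map each auth-realm name in domain.xml to its backend classname."""
    root = ET.fromstring(domain_xml)
    return {el.get("name"): el.get("classname") for el in _find_all(root, "auth-realm")}

def check_binding(web_xml, domain_xml):
    """Report which backend a web.xml login-config selects, plus findings."""
    realms = configured_realms(domain_xml)
    result = {"auth_method": None, "realm_name": None, "backend": None, "findings": []}
    for cfg in _find_all(ET.fromstring(web_xml), "login-config"):
        for child in cfg:
            text = (child.text or "").strip()
            if _local(child.tag) == "auth-method":
                result["auth_method"] = text
            elif _local(child.tag) == "realm-name":
                result["realm_name"] = text
    name = result["realm_name"]
    if name is not None:
        result["backend"] = realms.get(name)  # the mapping the issue objects to
        if result["backend"] is None:  # realm-name is only a label, not a realm
            result["findings"].append("realm-name does not match any auth-realm name")
        if result["auth_method"] != "BASIC":  # used purely as a backend selector
            result["findings"].append("realm-name set for non-BASIC auth-method")
    return result

# Constructed, simplified sample inputs modelled on the fragments in the description.
DOMAIN_XML = ('<domain><auth-realm name="sun.com" classname='
              '"com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm"/></domain>')
WEB_OK = ("<web-app><login-config><auth-method>BASIC</auth-method>"
          "<realm-name>sun.com</realm-name></login-config></web-app>")
WEB_LABEL = WEB_OK.replace("sun.com", "Intranet Login")
WEB_FORM = ('<web-app xmlns="http://java.sun.com/xml/ns/javaee"><login-config>'
            "<auth-method>FORM</auth-method><realm-name>sun.com</realm-name>"
            "</login-config></web-app>")

if __name__ == "__main__":
    for label, doc in (("ok", WEB_OK), ("label", WEB_LABEL), ("form", WEB_FORM)):
        print(label, check_binding(doc, DOMAIN_XML))
```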

        Activity

        kumarjayanti added a comment -

        There is no BUG to be fixed here. The proposal is to make some changes in the
        way the name attribute of an auth-realm is being used by current GF.

        Marking it as an Enhancement to be looked at in V3.

        Tom Mueller added a comment -

        Bulk update to change fix version to "not determined" for all issues still open but with a fix version for a released version.


          People

          • Assignee:
            raharsha
            Reporter:
            raharsha
          • Votes:
            0
            Watchers:
            0

            Dates

            • Created:
              Updated: