RFR 8047789: auth.login.LoginContext needs to be updated to work with modules
Wang Weijun
weijun.wang at oracle.com
Fri Mar 20 14:39:04 UTC 2015
Please review the code changes at
http://cr.openjdk.java.net/~weijun/8047789/webrev.03/
LoginContext is updated to use ServiceLoader to load configured LoginModules, and fallback to reflection if it cannot find one. Please notice that the fix does not include configuration of existing LoginModules since the current jdk9/dev module system does not support multiple modules implementing the same interface. Suppose it does, these 2 extra files will do the configuration:
src/jdk.security.auth/META-INF/services/javax.security.auth.spi.LoginModule
com.sun.security.auth.module.Krb5LoginModule
com.sun.security.auth.module.UnixLoginModule
com.sun.security.auth.module.JndiLoginModule
com.sun.security.auth.module.KeyStoreLoginModule
com.sun.security.auth.module.LdapLoginModule
com.sun.security.auth.module.NTLoginModule
src/java.management/META-INF/services/javax.security.auth.spi.LoginModule
com.sun.jmx.remote.security.FileLoginModule
I am hearing that jigsaw will provide a new way for service configuration.
Compatibility issue: Before this code change, any class that includes the necessary methods (initialize, login, logout, abort, commit) can be configured as a login module, which does not necessarily implement the LoginModule interface itself. After this code change, it must implement the interface.
We might need to update the JAAS programming guide in Java SE documentation to describe the new loading mechanism.
Thanks
Max
More information about the security-dev
mailing list