Rob Winch (Migrated from SEC-1564) said:
An enhancement to Spring Security to provide an AuthenticationProvider that allows a JAAS Configuration object to be injected into it would provide significant value. This enhancement would allow for using a LoginModule without requiring Configuration.getConfiguration() to be Sun's ConfigFile implementation of Configuration. This in turn would allow JAAS support to be configured solely in Spring configuration. Additionally, it would allow for Spring Security to support LoginModules on any JDK/Application Server without needing to extend any classes.
I have implemented a patch that contains:
Creating an InMemoryConfiguration with standard Spring configuration is rather verbose, so adding a new PropertyEditor(s) for creating JAAS Configuration along with namespace support might be a nice enhancement to the patch. If this is desired, let me know and I would be glad to provide it.
I would really like to see this functionality included in the 3.1 release, so if there is anything I can do to improve the likelihood of this happening please let me know.
Rob Winch said:
An updated patch that includes an empty refresh method for InMemoryConfiguration in order to work with JDK5.