SEC-1564: Create AuthenticationpProvider that allows JAAS Configuration to be Injected #1805
Labels
in: core
An issue in spring-security-core
type: enhancement
A general enhancement
type: jira
An issue that was migrated from JIRA
Milestone
Rob Winch (Migrated from SEC-1564) said:
An enhancement to Spring Security to provide an AuthenticationProvider that allows a JAAS Configuration object to be injected into it would provide significant value. This enhancement would allow for using a LoginModule without requiring Configuration.getConfiguration() to be Sun's ConfigFile implementation of Configuration. This in turn would allow JAAS support to be configured solely in Spring configuration. Additionally, it would allow for Spring Security to support LoginModules on any JDK/Application Server without needing to extend any classes.
I have implemented a patch that contains:
Possible improvements:
Creating an InMemoryConfiguration with standard Spring configuration is rather verbose, so adding a new PropertyEditor(s) for creating JAAS Configuration along with namespace support might be a nice enhancement to the patch. If this is desired, let me know and I would be glad to provide it.
I would really like to see this functionality included in the 3.1 release, so if there is anything I can do to improve the likelihood of this happening please let me know.
The text was updated successfully, but these errors were encountered: