From: Pesendorfer, Tom Sent: Thursday, 10 February 2005 7:18 AM To: 'Jetspeed Users List' Subject: Diagrams for login, authentication, LDAP handlers
Attached are 3 sequence diagrams (in 3 posts due to mail size limit) from what I could follow in the code in an effort to understand what is happening. The first one covers the login, the second one the portlet security, and the third one the new LDAP handlers (by Mike Long). Any clarifications, corrections, or additional details are very welcome! The first question I have is: It seems the user is retrieved twice - once (typically) inside the LoginModule (see first diagram), and then later on when the SecurityValveImpl doesn't find a Subject in the session (if it's the first time). Why is the Principal & Subject/credential not re-used from when it was available in the LoginModule? (if I were to do that, would it remove the need for the UserSecurityHandler?) Also, regarding the first diagram, how does the user/password end up with the LoginModule - I assume this is done by JBoss' JAAS implementation, correct? Thanks & regards, Tom
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
