I posted a JAAS LoginModule a while ago to this list.
I was wondering if anyone was using it - if so, I have an updated
version which is probably a bit more secure - the code's cleaner, at
least. I'm using it in production and it is working well (although the
logging is a bit noisy still).
If anyone is interested, send me a private email and I'll post the
updated version to the list.
Jan Bartel wrote:
> Hi Russell,
> Sorry I haven't got back to you sooner - usual excuses apply (too much
> to do, too little time!). As luck would have it, I am working on the
> JAAS module for Jetty this week and I want to do a release either this
> week or next at the latest. I would be interested in including your
> module, so send it to me again and this time I promise to really look
> at it!
No problem - I just discovered a rather major loophole in my previous
version, so in case anyone is using it, I'll post an updated version in
just a moment.
I also need to do some proper documentation of the JAAS configuration
parameters that it takes, and the different operating scenarios. It's
not simple (which probably points to poor design...), but it is flexible
and can cope with virtually any LDAP schema I can think of.