Soteria Updates for PFD Changes
Trying to get a sense of how much work is left to get soteria updated to match the PFD version of the spec. A good chunk is already done, but I'd like to check on the following items, and will create JIRA issues for them if needed:
-- Will Hopkins | WebLogic Security Architect | +1.781.442.0310 Oracle Application Development 35 Network Drive, Burlington, MA 01803
On Tue, Jul 18, 2017 at 10:54 PM, Will Hopkins <will.hopkins@...> wrote:
EL support for all attributes is implemented now. Could do with more test coverage, but unless I missed something I think this is done.
DatabaseIdentityStoreDefinition.hashAlgorithm is there largely too. It now accepts an EL string -> string method expression. The bean where that method resides can get its parameters from whatever location is suitable for the user. To make it really complete a simple key/value list can be added to the annotation so parameters can be specified right from the annotation.
The implementation of any new attributes has not been done. I renamed the existing one to match the PFD and EL enabled all of them, but that's it.
See above. Hashing is now being done, but could be fleshed out a bit more.
I think the RI (GlassFish/Soteria) doesn't need to make any additional changes here, as its defaults already work (in GlassFish the caller/app principal would already be the same, as it returns from HttpServletRequest#getUserPrincipal etc what the CallerPrincipalCallBack from JSR 196 puts into it).
Other servers can, when necessary, implement this in their own way. I'll walk through the spec text and code again to see whether I didn't miss anything for the RI.
Yes, that's been taken care of.
As far as RI matching spec text, I think the above list is complete.
The spec text could perhaps do with some clarifications, specifically as Rudy mentioned in another topic the LoginToContinue. Reading the spec I think theoretically everything is there, but it's terse and vendors may not fully interpret it as intended.