This is an implementation of a SecurityContext that performs absolutely
NO validation of the Principal but merely caches the claimed password.
We implement this to provide the illusion of single sign-on, but it comes
with significant risk. A channel is able to retrieve the originally
validated password or passphrase to perform just-in-time validation, but the
means of validation is now COMPLETELY in the hands of the channel. If the
channel uses a weak authenticity-checking mechanism and the password is
the same as the one that portal users regard as secure, then, unbeknownst to
the user, their "secure" password is being placed in jeopardy. PLEASE use
this SecurityContext implementation sparingly and with your eyes open!

CacheSecurityContext can be chained together with another context such that
both are required. This allows an authentication provider such as
SimpleLdapSecurityContext to be used to verify the password and
CacheSecurityContext to allow channels access to the password. Example of
security.properties settings to accomplish this:

    root=org.jasig.portal.security.provider.SimpleSecurityContextFactory
    root.cache=org.jasig.portal.security.provider.CacheSecurityContextFactory
    principalToken.root=userName
    credentialToken.root=password

To ensure that both contexts are exercised, the portal property
org.jasig.portal.security.provider.ChainingSecurityContext.stopWhenAuthenticated
must be set to false (by default it is set to true).
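To make the stopWhenAuthenticated interaction concrete, here is an added toy model of the chain written for this note; it is not uPortal's own code, and the class and method names, the in-memory directory and the `login` helper are assumptions.

```python
# Simplified model of how uPortal chains a validating context with
# CacheSecurityContext (constructed illustration, not the uPortal source).
from dataclasses import dataclass
from typing import Dict, List, Optional

@dataclass
class SimpleLdapContext:
    """Stand-in for SimpleLdapSecurityContext: checks the password against a
    constructed in-memory directory rather than a real LDAP bind (assumption)."""
    directory: Dict[str, str]

    def authenticate(self, user: str, password: str) -> bool:
        return self.directory.get(user) == password

@dataclass
class CacheContext:
    """Stand-in for CacheSecurityContext: performs NO validation; it only
    stores the claimed password so a channel can retrieve it later."""
    cached: Optional[str] = None

    def authenticate(self, user: str, password: str) -> bool:
        self.cached = password  # accepted unconditionally, right or wrong
        return True

    def get_opaque_credentials(self) -> Optional[str]:
        return self.cached  # what a channel reads back

@dataclass
class ChainingContext:
    """Root context: validates itself, then runs its sub-contexts unless
    stopWhenAuthenticated is true and the root already succeeded."""
    root: SimpleLdapContext
    subcontexts: List[CacheContext]
    stop_when_authenticated: bool = True  # uPortal's default

    def authenticate(self, user: str, password: str) -> bool:
        ok = self.root.authenticate(user, password)
        if not (ok and self.stop_when_authenticated):
            for sub in self.subcontexts:
                sub.authenticate(user, password)
        return ok

def login(user: str, password: str, stop_when_authenticated: bool):
    """Return (authenticated, password visible to channels) for one login."""
    cache = CacheContext()
    chain = ChainingContext(SimpleLdapContext({"alice": "s3cret"}), [cache],
                            stop_when_authenticated)
    return chain.authenticate(user, password), cache.get_opaque_credentials()
```

With the default of true the cache sub-context is never reached on a successful login, so no password is available to channels; with false the validated password is cached and any channel can read it back.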
author: Andrew Newman, newman@yale.edu
version: $Revision: 34942 $