Any client that holds a JaasLoginService reference can use the login service API to log into Geronimo. The client enforces realm authentication semantics by combining the login module authentication results. The client tells the login service that authentication succeeded. And the client has the ability to synchronize its own Principals into the security session within
All these points can be exploited.
Synchronizing Principals into the security session defeats authentication.
Having the client compute the login module combination opens up the possibility of violating realm semantics: the client can ignore the login module configuration flags.
Having the client tell the login service that authentication succeeded also opens an avenue for attack, where the client reports success when in fact authentication did not succeed, forcing the login service to commit.
The JaasLoginService.synchPrincipals() method must be removed.
The Login Service API should be refactored and reduced to something like
login(String realm-name). All the work that is currently done by the
JaasLoginCoordinator must be refactored into the Login Service.
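As an added illustration (not Geronimo code), the following Python sketch contrasts the two designs: the service evaluates the standard JAAS control flags itself and builds the session only from the modules that actually succeeded, while a caller that combines results itself can simply ignore the flags. Realm names, module names, flag assignments and module outcomes are constructed.

```python
from enum import Enum

class Flag(Enum):
    REQUIRED, REQUISITE, SUFFICIENT, OPTIONAL = range(4)

# Constructed realm configurations: ordered login modules with their JAAS control flags.
REALMS = {
    "geronimo-admin": [("ldap", Flag.REQUISITE), ("properties", Flag.REQUIRED)],
    "geronimo-web":   [("sso", Flag.SUFFICIENT), ("properties", Flag.OPTIONAL)],
}

def evaluate_realm(config, results):
    """Standard JAAS control-flag combination, evaluated by the service.
    config: ordered (module, Flag) pairs; results: {module: bool}; a missing module counts as failed."""
    required_ok, saw_required, optional_ok = True, False, False
    for name, flag in config:
        ok = results.get(name, False)
        if flag is Flag.REQUISITE:
            saw_required = True
            if not ok:
                return False          # requisite failure stops evaluation immediately
        elif flag is Flag.REQUIRED:
            saw_required = True
            required_ok = required_ok and ok   # keep going, but the realm has failed
        elif flag is Flag.SUFFICIENT:
            if ok and required_ok:
                return True           # sufficient success short-circuits
        else:
            optional_ok = optional_ok or ok    # optional: only matters if nothing is required
    return required_ok if saw_required else optional_ok

class LoginService:
    """Service-side design: a single login(realm) entry point, no caller-supplied verdict,
    and no way for a caller to push its own Principals into the session."""
    def __init__(self, module_results):
        self._module_results = module_results   # constructed stand-in for running the modules
        self.sessions = {}
    def login(self, realm_name):
        config = REALMS[realm_name]
        results = {m: self._module_results.get(m, False) for m, _ in config}
        if not evaluate_realm(config, results):
            return None
        principals = {m for m, ok in results.items() if ok}   # only from modules that succeeded
        session_id = len(self.sessions) + 1
        self.sessions[session_id] = principals
        return session_id

def client_combines(results):
    """The pattern the critique objects to: the caller decides, and here ignores the flags."""
    return any(results.values())
```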