Implement the appropriate SPI in Java to plug in JGSS easily #50

Closed
michael-o opened this issue Jan 22, 2013 · 10 comments

@michael-o

At the moment, Waffle is rather an alien solution in Java. It does not play at all with JGSS. One has the option to add a service provider implementation to the Java system. This would mean that JGSS could use the SSPI backend transparently. There has been a preliminary patch to the JDK already, but it has been dropped.

See this patch: https://cr.openjdk.java.net/~weijun/6722928/webrev.00/jdk.patch
And the discussion on the security-dev mailing list: https://www.mail-archive.com/[email protected]/msg05287.html

Adapt that with Waffle and provide a fully integrating solution. It would make Waffle superior to pure JGSS on Windows and a relief for every Java dev.

@dblock
Collaborator

dblock commented Jan 22, 2013

The patch in the JDK is exactly a client and server-side reimplementation via JNI of what Waffle does via JNA. If one day the JDK supports all of this, Waffle will have fewer reasons to exist.

I don't really see what "adapt that with Waffle" would mean?

@michael-o
Author

Your perception is right, but there is a big difference to Waffle. If you use the patch, you use SSPI as you would use plain old JGSS, without the need to know that SSPI is different and that you cannot use SSPI cred handles with a JGSS context. Therefore a JGSS integration with a Service Provider Interface implementation like in the patch is highly favorable.

@dblock
Collaborator

dblock commented Jan 22, 2013

That makes total sense. Do you have something for the list of actual action items for Waffle, though?

@michael-o
Author

I am sorry, but I am afraid that I do not understand your question. Can you please rephrase it?

@dblock
Collaborator

dblock commented Jan 22, 2013

I'll try. I don't quite understand what "Adapt that with Waffle and provide a fully integrating solution." actually means :)

@michael-o
Author

The patch includes in package sun.security.jgss.sspi a public final class SSPIProvider extends Provider. I imagine that there can be a WaffleProvider for JGSS which wraps the mechs supported by SSPI with the according mech factories. On the outside one would use JGSS, but under the hood Waffle would be used with SSPI.

@michael-o
Author

Not necessary anymore. There is https://bugs.openjdk.java.net/browse/JDK-6722928.

@hazendaz
Member

@michael-o With that at the moment only being JDK 13+, is there anything we need to do to add special handling, or does that simply mean Waffle is completely unnecessary?

@michael-o
Author

michael-o commented Apr 20, 2020

There are a few restrictions here:

  • It supports initiators only
  • It does not support obtaining alternative credentials. For this Java has to support gss_acquire_cred_with_password/gss_add_cred_with_password

I am currently reviewing it on security-dev@ because there are a few bugs. As soon as these are resolved, I need to figure out how to get this back to 8u and 11u. I will likely go the commercial route via Azul Systems. But I want it to be in OpenJDK, not just a commercial vendor dist.

For the client side this makes Waffle in at least 80% unnecessary.

@hazendaz
Member

Thanks @michael-o
