Security providers make a wide range of security services available to applications. Such services include cryptographic services, secure random number generation, and key storage.
 
At the moment, LoginModule Configuration implementations are not available from providers. This means that security-aware applications can not access Configuration implementations as they do other security services.
 
In particular, if an application wants to set a specific implementation as the system-wide Configuration (via Configuration.setConfiguration), it would need direct access to that implementation so the implementation can be instantiated and passed to the setConfiguration call.
 
Today, cryptography-aware applications do not have to "bundle" their own cryptographic implementations. They can simply rely on cryptographic services configured into the Java runtime via providers.
 
Similarly, LoginModule configuration-aware applications should not have to "bundle" their own Configuration implementations. They, too, should be able to access Configuration implementations configured into the Java runtime via providers.
###@###.### 2005-05-10 23:47:56 GMT