Currently, if a module wants to execute code with elevated privileges, it needs to either use proxy privileges, or else store a username and password and use those to authenticate. This leads to ugly code and/or security flaws.
Instead, we need a mechanism for a module to run code within a Daemon thread that has the appropriate privileges for the module (at first this will always be superuser privileges, but in the future, Daemon can impose tighter control).
- When the module framework starts/refreshes a module, it should create a secure token for each module, look for a method on each module's activator like
. If present, we inject the daemon token for the module.
- Add methods like the following, which throw an exception if you don't pass back exactly the token that the module architecture gave you:
Note that DaemonToken is a pretty bad name, so try to think of something better.
PIH needs this implemented in a (backwards-compatible) way that will let us take advantage of this in 1.9.2.
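
The token handshake described in the list above could look like the following. This is an added sketch, not code from the ticket or the project, and it does not reconstruct the method names missing from the description: `ModuleToken`, `PrivilegedRunner`, `issue`, `runElevated` and the `ELEVATED` flag are all hypothetical, and the flag stands in for real privilege handling.

```java
import java.util.Map;
import java.util.concurrent.Callable;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.FutureTask;
// Added sketch: every class and method name here is hypothetical.
public class ModuleTokenDemo {
    /** Opaque capability; the object reference itself is the secret. */
    static final class ModuleToken {
        final String moduleId;
        // Assumption: in a real framework only the module loader could call this.
        ModuleToken(String moduleId) { this.moduleId = moduleId; }
    }
    static final class PrivilegedRunner {
        private static final ThreadLocal<Boolean> ELEVATED = ThreadLocal.withInitial(() -> false);
        private final Map<String, ModuleToken> issued = new ConcurrentHashMap<>();
        /** Called on module start/refresh; an earlier token for the module stops working. */
        ModuleToken issue(String moduleId) {
            ModuleToken token = new ModuleToken(moduleId);
            issued.put(moduleId, token);
            return token;
        }
        static boolean isElevated() { return ELEVATED.get(); }
        /** Runs work on a separate elevated thread, but only for the exact token issued. */
        <T> T runElevated(ModuleToken token, Callable<T> work) throws Exception {
            // Identity comparison: an equal-looking token built elsewhere is rejected.
            if (token == null || issued.get(token.moduleId) != token) {
                throw new SecurityException("token was not issued by the module framework");
            }
            FutureTask<T> task = new FutureTask<>(() -> {
                ELEVATED.set(true); // the flag exists only on the worker thread
                return work.call();
            });
            Thread thread = new Thread(task, "elevated-" + token.moduleId);
            thread.setDaemon(true);
            thread.start();
            return task.get(); // the calling thread itself is never elevated
        }
    }
    public static void main(String[] args) throws Exception {
        PrivilegedRunner runner = new PrivilegedRunner();
        ModuleToken token = runner.issue("reporting"); // constructed module id
        boolean inside = runner.runElevated(token, PrivilegedRunner::isElevated);
        System.out.println("inside=" + inside + " caller=" + PrivilegedRunner.isElevated());
        try {
            runner.runElevated(new ModuleToken("reporting"), () -> "forged");
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Because the check is by object identity, the module never needs to store a username and password, and a token issued before a refresh is rejected once `issue` has replaced it.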