abdera-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From James M Snell <jasn...@gmail.com>
Subject Re: Server authenticaion support
Date Wed, 02 Apr 2008 15:40:03 GMT


Remy Gendron wrote:
> Hello all,
> 
>  
> 
> I’m looking at securing my Abdera server implementation. Do you have
> recommendations for the following?
> 
>  
> 
> 1) OpenAuth or WSSE? I am developing intra-corporate Atom services. These
> will not be exposed to the outside. Backed by a corporate LDAP.
> 

It depends largely on how you expect it will be used, but of the two 
options, OpenAuth.  I've deployed quite a few internal APP servers, all 
of which have used Basic+SSL for simple authentication.  We're currently 
looking to use OpenAuth as a way of enabling certain kinds of 
application-to-application integration to occur.

> 2) Are there support libraries that would help in implementing this on the
> server side? Abdera already comes with auth extensions. How do I leverage
> these on the server side? Shouldn’t security be orthogonal to the Atom
> stuff? I was thinking along the way of a servlet filter.
> 

Yes, security is orthogonal. Servlet filters work well.  Keep in mind, 
however, that different app servers have different ways of setting the 
internal state for the authenticated user.

- James

> 3) My server is heavily Spring. I will look up ACEGI.
> 
>  
> 
> Thanks,
> 
>  
> 
>  
> 
> Rémy 
> 
>  
> 
> 

Mime
View raw message