archiva-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brett Porter <br...@apache.org>
Subject Re: RBAC vs JASS/Roles (was: Re: Plan to migrate towards Spring?)
Date Tue, 19 Feb 2008 17:22:54 GMT

On 20/02/2008, at 4:15 AM, Simmons, Robert wrote:

> The benefit to JAAS would be easier integration with companies that  
> use
> LDAP to manage roles within a company.

Actually - this raises a good point - would just having this at the  
WebDAV level be sufficient? I realise a lot of people are purely  
looking to operate Archiva as a secured proxy and the administration  
features of the webapp could be separately secured since there are  
often less users needing to be set up for that.

- Brett

>
>
> -- Robert
>
> -----Original Message-----
> From: Brett Porter [mailto:brett@apache.org]
> Sent: Tuesday, February 19, 2008 9:44 AM
> To: archiva-dev@maven.apache.org
> Subject: Re: RBAC vs JASS/Roles (was: Re: Plan to migrate towards
> Spring?)
>
>
> On 20/02/2008, at 1:36 AM, Joakim Erdfelt wrote:
>
>> nicolas de loof wrote:
>>> "Integrate RedBack / Spring into Archiva."
>>>
>>> What is the advantage of redback compared to spring-security (aka
>>> "acegi") ?
>>>
>>> spring-security allready supports role-based secutiry, DB user store
>>> and "remember me".
>>>
>>> Nico.
>>>
>> Redback is an RBAC implementation.
>
> Don't forget that 80% of what Archiva uses Redback for is the web
> application user/role management.
>
>>
>> The Redback <--> Spring integration is likely to take the form of
>> another acegi authorization provider, but it's still a little early
>> yet to speculate on how this will occur.
>>
>> A more general question would be ... do we need RBAC for Archiva?
>> or can we get away with standard JAAS Roles?
>
> An even more general question would be - it works, why change it? :)
>
> - Brett
>
> --
> Brett Porter
> brett@apache.org
> http://blogs.exist.com/bporter/
>
>
>
> Confidentiality Note: This message contains information that may be  
> confidential and/or privileged. If you are not the intended  
> recipient, you should not use, copy, disclose, distribute or take  
> any action based on this message. If you have received this message  
> in error, please advise the sender immediately by reply email and  
> delete this message. Although ICAT Managers, LLC scans e-mail and  
> attachments for viruses, it does not guarantee that either are virus- 
> free and accepts no liability for any damage sustained as a result  
> of viruses.  Thank you.
>

--
Brett Porter
brett@apache.org
http://blogs.exist.com/bporter/


Mime
View raw message