archiva-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brett Porter <br...@apache.org>
Subject Re: RBAC vs JASS/Roles (was: Re: Plan to migrate towards Spring?)
Date Tue, 19 Feb 2008 16:43:54 GMT

On 20/02/2008, at 1:36 AM, Joakim Erdfelt wrote:

> nicolas de loof wrote:
>> "Integrate RedBack / Spring into Archiva."
>>
>> What is the advantage of redback compared to spring-security (aka  
>> "acegi") ?
>>
>> spring-security allready supports role-based secutiry, DB user  
>> store and
>> "remember me".
>>
>> Nico.
>>
> Redback is an RBAC implementation.

Don't forget that 80% of what Archiva uses Redback for is the web  
application user/role management.

>
> The Redback <--> Spring integration is likely to take the form of  
> another acegi authorization provider, but it's still a little early  
> yet to speculate on how this will occur.
>
> A more general question would be ... do we need RBAC for Archiva?   
> or can we get away with standard JAAS Roles?

An even more general question would be - it works, why change it? :)

- Brett

--
Brett Porter
brett@apache.org
http://blogs.exist.com/bporter/


Mime
View raw message