From: Peter Donald
To: "Avalon Developers List"
Subject: Re: LogKit and log4j
Date: Sun, 12 May 2002 10:11:23 +1000
Message-Id: <200205121011.23869.peter@apache.org>

On Fri, 10 May 2002 22:41, Gonzalo A. Diethelm wrote:
> > > * Are there any BASIC components/abstractions in Avalon to deal
> > >   with security? By that I mean authentication and authorization
> > >   (as in role-based permission management).
...
> Would there be any value in creating one? A very generic
> interface-based security abstraction?

Yes there is a bunch of interest :) Any serious application that needs to
add/remove Users to the system and to manage roles etc needs something to get
it going.

You may want to have a look at

jakarta-avalon-cornerstone/src/java/org/apache/avalon/cornerstone/services/security/*

It has some interfaces to define RoleManagement and Authorization. It does not
do any authentication management but it's sorta assumed that JAAS would be used
for that.

> Something along the lines of:

Looks interesting but I would be more likely to use a system that used the
built in classes of JVM. ie User --> Principal, Action --> Permission.

>
> interface User {
>     User(String identity);
>     String getIdentity();
> }
>
> interface Credential {
>     Credential(String data);
>     String getData();
> }
>
> interface Authenticator {
>     boolean checkUserCredential(User user, Credential credential);
> }
>
> interface Action {}
>
> interface Authorizer {
>     boolean canUserDoThis(User user, Action action);
> }
>
> interface Session {
>     void setUser(User user);
>     User getUser();
>
>     void setAuthenticator(Authenticator authenticator);
>     Authenticator getAuthenticator();
>
>     void setAuthorizer(Authorizer);
>     Authorizer getAuthorizer();
>
>     void authenticateUser(Credential credential);
>     boolean isUserAuthenticated();
>
>     boolean canUserDoThis(User user, Action action);
> }

-- 
Cheers,

Peter Donald
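
The mapping suggested in the reply above (User --> Principal, Action --> Permission), as an added example that is not part of the original e-mail or of the Avalon/Cornerstone code. The names UserPrincipal, ActionPermission and PermissionAuthorizer are hypothetical, the sample users and permission names are constructed, and Java 8 or later is assumed.

```java
import java.security.BasicPermission;
import java.security.Permission;
import java.security.Permissions;
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;

// Hypothetical names throughout; only the java.security types are real JVM classes.
public class PrincipalPermissionDemo {
    // "User" from the proposal, expressed as a JVM Principal.
    static final class UserPrincipal implements Principal {
        private final String identity;
        UserPrincipal(String identity) { this.identity = identity; }
        @Override public String getName() { return identity; }
        @Override public boolean equals(Object o) {
            return o instanceof UserPrincipal && ((UserPrincipal) o).identity.equals(identity);
        }
        @Override public int hashCode() { return identity.hashCode(); }
    }

    // "Action" expressed as a Permission; BasicPermission supplies "orders.*" wildcard matching.
    static final class ActionPermission extends BasicPermission {
        ActionPermission(String name) { super(name); }
    }

    // "Authorizer": each principal holds a permission set; unknown principals are denied.
    static final class PermissionAuthorizer {
        private final Map<Principal, Permissions> grants = new HashMap<>();

        void grant(Principal who, Permission what) {
            grants.computeIfAbsent(who, k -> new Permissions()).add(what);
        }

        boolean isAllowed(Principal who, Permission requested) {
            Permissions held = grants.get(who);
            return held != null && held.implies(requested); // default deny
        }
    }

    public static void main(String[] args) {
        PermissionAuthorizer authz = new PermissionAuthorizer();
        Principal alice = new UserPrincipal("alice"); // constructed sample data
        authz.grant(alice, new ActionPermission("orders.*"));

        // Covered by the wildcard grant, outside the grant, and a principal with no grants.
        System.out.println(authz.isAllowed(alice, new ActionPermission("orders.read")));
        System.out.println(authz.isAllowed(alice, new ActionPermission("users.delete")));
        System.out.println(authz.isAllowed(new UserPrincipal("bob"), new ActionPermission("orders.read")));
    }
}
```

Authentication is left out here, matching the reply's assumption that JAAS would establish the Principal before any permission check runs.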