cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Man <>
Subject Re: [RT] Cocoon, JAAS, and Sitemap
Date Thu, 21 Jun 2001 20:26:35 GMT
On Thu, Jun 21, 2001 at 04:14:28PM -0400, Berin Loritsch wrote:
> Martin Man wrote:
> > 
> > hi,
> >         I agree with you completely (although must say that haven't got a
> > chance to take a look at JAAS deeply) because I was also already thinking
> > about the uniform API for authentication (to be incorporated with validators -
> > session creation, etc.)...
> Quick summary:  JAAS is Java's version of PAM for your application.  It is
>                 pluggable, configurable, and allows you to control how information
>                 is displayed.

o.k., then I'm enthusiasted and I'm going to study JAAS :-))

> >         ... and I've seen that until now we (me) are rather duplicating lot of
> > things that have been done by servlet api's basic-auth and form-auth (which
> > are IMO useless for cocoon itself, cause they can protect only whole servlet)
> This is true.  I don't like the Servlet API's "auth" methods because they are
> not customizable, and you can't make it work from your own database without
> hacking the ServletEngine.
> >         ... and I also would like to see it embeded somewhere in the sitemap
> > syntax, because resource protection and authentication is part of every webapp
> > nowadays so why still hack around with some custom-made actions, validators,
> > etc. (not even mentioning possible kerberos incorporation)... would this be
> > possible with JAAS easily (presumming sitemap or cocoon.xconf will be
> > involved)... something like PAM under linux is doing
> That was my whole point.  You would be able to allow only certain Principals
> to view certain pages.


"Only dead fish swims with a stream"
gpg_key_fingerprint: 2CC0 4AF6 92DA 5CBF 5F09  7BCB 6202 7024 6E06 0223

To unsubscribe, e-mail:
For additional commands, email:

View raw message