Return-Path: Delivered-To: apmail-cocoon-dev-archive@www.apache.org Received: (qmail 18216 invoked from network); 24 Sep 2004 07:02:15 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur-2.apache.org with SMTP; 24 Sep 2004 07:02:15 -0000 Received: (qmail 46952 invoked by uid 500); 24 Sep 2004 07:04:13 -0000 Delivered-To: apmail-cocoon-dev-archive@cocoon.apache.org Received: (qmail 46891 invoked by uid 500); 24 Sep 2004 07:04:13 -0000 Mailing-List: contact dev-help@cocoon.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: list-post: Reply-To: dev@cocoon.apache.org Delivered-To: mailing list dev@cocoon.apache.org Received: (qmail 46870 invoked by uid 99); 24 Sep 2004 07:04:12 -0000 X-ASF-Spam-Status: No, hits=0.2 required=10.0 tests=DNS_FROM_RFC_ABUSE,RCVD_BY_IP X-Spam-Check-By: apache.org Received-SPF: pass (hermes.apache.org: local policy) Received: from [66.51.199.81] (HELO mail5.dslextreme.com) (66.51.199.81) by apache.org (qpsmtpd/0.28) with SMTP; Fri, 24 Sep 2004 00:04:11 -0700 Received: (qmail 8077 invoked from network); 24 Sep 2004 07:04:08 -0000 Received: from unknown (HELO rio.dslextreme.com) (66.51.196.164) by 192.168.8.93 with SMTP; Fri, 24 Sep 2004 07:04:08 +0000 Message-Id: <6.1.2.0.2.20040923235451.02465058@mail.dslextreme.com> X-Sender: Ralph.Goers@mail.dslextreme.com X-Mailer: QUALCOMM Windows Eudora Version 6.1.2.0 Date: Fri, 24 Sep 2004 00:04:03 -0700 To: dev@cocoon.apache.org From: Ralph Goers Subject: RE: Authentication In-Reply-To: <5E091A68F794974CAF431CA31F5AF2CC11E973@server.bizzdesign.n l> References: <5E091A68F794974CAF431CA31F5AF2CC11E973@server.bizzdesign.nl> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-AntiVirus: scanned for viruses by AMaViS 0.2.1 (http://amavis.org/) X-Virus-Checked: Checked X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N At 9/23/2004 11:42 PM, you wrote: >Just curious, as I am trying to get authentication/authorization done >right myself... > >If you only use it for authentication, then why don't you just use the >security provided by J2EE? > >Bart. I guess I wasn't too clear. Authorization is still performed in the web container. JAAS just isn't used to do it. Cocoon's authentication framework is also used to validate every request. Authorization is performed through a PermissionSelector. This allows end users to have the same request fulfilled differently depending on their permissions.