commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gerhard Froehlich" <g-froehl...@gmx.de>
Subject RE: [simplestore] AccessControl
Date Wed, 20 Feb 2002 18:22:44 GMT
Juozas,

>Hi,
>Yes we it is better to use standard interfaces, we can use JAAS,
>I am not sure, but it seems JAAS is added to JDK 1.4 and it is possible
>to download it for JDK 1.3. It has configuration files,
>plugable login modules , principals, groups ... , but I think we will need
>it only
>for authentication ( LoginContext, LoginModule, Subject ), authorization
>must be more flexible.
>we will need this logic :
> 1. " Subject Has Permission on Class"
> 2. " Subject Has Permission on Method"
> 3. " Subject Has Permission on Object"
>JAAS will not help for this authorization, it because we must grant some
>permissions on
>runtime.
>Good examples for security (Authorization) design is jakarta-slide and
>www.jboss.org

KISS, KISS and KISS ;). When we think in jakarta-commons terms
we should keep dependencies to other libaries low. I tend to 

> 1. " Subject Has Permission on Class"
> 2. " Subject Has Permission on Method"
> 3. " Subject Has Permission on Object"

...with a simple solution... Hmm do we need a own interface for that to
capsulate this things? I started from scratch today design one, then I
clashed with the Java API.

Somehow I like the simple solution in this article:
<http://www.javaworld.com/javaworld/jw-11-2000/jw-1110-proxy.html>

  ~Gerhard

*---------------------------------------------------------*
| Contrary to popular belief, UNIX is user-friendly. It   |
| just happens to be selective on who it makes friendship |
| with.                                                   |
|                       - Richard Cook                    |
*---------------------------------------------------------*


--
To unsubscribe, e-mail:   <mailto:commons-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:commons-dev-help@jakarta.apache.org>


Mime
View raw message