continuum-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Blevins <david.blev...@visi.com>
Subject Re: Security in Continuum
Date Fri, 13 Jan 2006 04:17:11 GMT

On Jan 12, 2006, at 2:25 PM, Emmanuel Venisse wrote:

>
>
> David Blevins a écrit :
>> On Jan 11, 2006, at 10:13 AM, Emmanuel Venisse wrote:
>>> Hi,
>>>
>>> In 1.1, we have decided to rework all security features.
>>>
>>> I tried to use osuser but this framework is crappy :
>>>
>> [...]
>>> I looked at seraph too. This project seems to be interesting,  
>>> it's  used by confluence and jira. It seems we have all we need  
>>> in it but  it require to be used in a web app environment, so i  
>>> think we can't  use it if we want to use security framework in a  
>>> standalone app in  future.
>> Interesting, if you look at the dependencies for seraph, it's  
>> clearly  using osuser.
>>   - http://opensource.atlassian.com/seraph/dependencies.html
>
> osuser is use only for the DefaultAuthenticator, if you don't use  
> it, you don't need osuser.
>
>> Wonder if "writing our own" option couldn't mean writing our own   
>> wrapper for osuser.
>
> not exactly. osuser would can be supported by a provider of our  
> own. But if we decide to write it, it must be extensible with  
> providers like other framework(osuser, seraph...) and ldap, jaas...
>

I can't believe i forgot about this.

http://jpam.sourceforge.net/documentation/

Then we could do real security and not java-toy security only usable  
by continuum.

I've got a shared LDAP directory up on ci.gbuild.org right now which  
we use instead of /etc/passwd files for logging into the various  
gbuild machines.  There is a j2eetck group that we put people in if  
they are allowed to see tck related stuff.  Would be excellent if we  
could use that exact setup in continuum to lock off certain projects  
to only be visible to that or other groups.  I've had to setup cron  
jobs to build the various things that are tck private -- made an  
attempt to put up a non-public continuum install for that, but it was  
too much of a pain.

-David


> Emmanuel
>


Mime
View raw message