directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Emmanuel Lecharny" <elecha...@gmail.com>
Subject Re: [core] Best way to internally authenticate for getting a DirContext
Date Thu, 15 Mar 2007 20:29:47 GMT
On 3/15/07, Enrique Rodriguez <enriquer9@gmail.com> wrote:
>
> On 3/15/07, Alex Karasulu <akarasulu@apache.org> wrote:
> > This totally stinks for now but you're right it's the only way
> currently.  I
> > could expose an API to just request a context without authentication
> however
> > this would allow stored procedures in the server to do that as well and
> > assume any user.
>
> Yeah, I kind of knew that.  Really, the only way to restrict access
> intra-VM is to get into the whole code permissions thing.
> Incidentally, this is handled nicely in the OSGi service platform.
> People have different ideas of what OSGi is; perhaps modular bundles,
> jar metadata, etc., but when it comes down to it, it is a
> comprehensive framework.  Like any good framework, written by
> experienced developers, you find yourself needing certain
> functionality that it already has a story for.  In this case, we could
> use bundle permissions to restrict access between, for example, an
> LDAP protocol provider bundle and a core DIT bundle.


We have to find a place in the roadmap for OSGI, that's for sure !  I bet
that the best timing to start a first drop of OSGi code will be after
1.5.0release, around may or june.

Emmanuel



-- 
Cordialement,
Emmanuel L├ęcharny
www.iktek.com

Mime
View raw message