directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Emmanuel Lecharny" <>
Subject Re: [core] Best way to internally authenticate for getting a DirContext
Date Thu, 15 Mar 2007 20:29:47 GMT
On 3/15/07, Enrique Rodriguez <> wrote:
> On 3/15/07, Alex Karasulu <> wrote:
> > This totally stinks for now but you're right it's the only way
> currently.  I
> > could expose an API to just request a context without authentication
> however
> > this would allow stored procedures in the server to do that as well and
> > assume any user.
> Yeah, I kind of knew that.  Really, the only way to restrict access
> intra-VM is to get into the whole code permissions thing.
> Incidentally, this is handled nicely in the OSGi service platform.
> People have different ideas of what OSGi is; perhaps modular bundles,
> jar metadata, etc., but when it comes down to it, it is a
> comprehensive framework.  Like any good framework, written by
> experienced developers, you find yourself needing certain
> functionality that it already has a story for.  In this case, we could
> use bundle permissions to restrict access between, for example, an
> LDAP protocol provider bundle and a core DIT bundle.

We have to find a place in the roadmap for OSGI, that's for sure !  I bet
that the best timing to start a first drop of OSGi code will be after
1.5.0release, around may or june.


Emmanuel L├ęcharny

View raw message