geronimo-dev mailing list archives

From Alan Cabrera <>
Subject RE: J2EE security
Date Tue, 12 Aug 2003 14:40:06 GMT

> -----Original Message-----
> From: Nash Foster [] 
> Edward Flick wrote: 
> Just out of curiosity, are you planning on using the Sun 
> reference implementation of JAAS or rolling your own? If the 
> latter, definitely build a plain-text password scheme 
> first--it'll be easier to test and verify the architecture 
> that way. Other than that SRP seems like a reasonable next step.

I'm not clear on what you mean by the statement "rolling your own" since
there is no reference implementation of JAAS per se, in that it is included
in JDK1.4.  Do you mean the examples?

> I'd love to be able to use existing user management tools 
> like Active Directory, Entrust, or ACE to handle user setup, 
> configuration, and authentication. So, I'd suggest building 
> one solid and secure mechanism into Geronimo and then spend 
> effort integrating other Enterprise authentication services 
> so he can play nice with others. Definitely a differentiator 
> in the Enterprise.

It strikes me that these can easily be included by adding more LoginModules.


