geronimo-dev mailing list archives

From Scott Clasen <tickt...@speakeasy.net>
Subject Re: J2EE security
Date Tue, 12 Aug 2003 14:18:47 GMT
I too believe that Geronimo should be able to integrate with existing user 
management tools, through a 
layer that makes it very easy to "plug-in" different security providers. 
 Maybe with some sort of security-mapping deployment descriptor
that describes how to get information from, say, Active Directory, into 
the J2EE security context.

As well, I think it would be a great value add to provide a standard 
set of interfaces, and backing implementations, for making more 
granular "user based" run time decisions. The J2EE role based stuff can 
be useful, but in many cases doesn't go far enough to enable you to make 
the decisions you need to make in an application. Again it would be nice 
to provide a declarative mechanism for mapping this type of information 
into the "User Profile".

Scott C


>
>I'd love to be able to use existing user management tools like Active
>Directory, Entrust, or ACE to handle user setup, configuration, and
>authentication. So, I'd suggest building one solid and secure mechanism
>into Geronimo and then spend effort integrating other Enterprise
>authentication services so he can play nice with others. Definitely a
>differentiator in the Enterprise.
>
>On Mon, 2003-08-11 at 09:15, Prashant Bhatt wrote: 
>  
>
>>1) Specification: Understand the Specification properly. This will include both 
>>the J2EE security issue and the stand-alone security issues. My experience with 
>>J2EE security has not been good. I'm sorry to say that, but it's true that the 
>>spec isn't smart on all these issues and is pretty silent on the client 
>>containers contract.
>>    
>>
>
>This is great; we should also try to understand where the specification
>is deficient and implement the "right thing" there. For example, while
>J2EE specifies a declarative deploy-time access control system, I'm not
>aware (which may be me, of course ;-) of any J2EE standard for making
>run-time access control decisions. Geronimo should provide a reasonable
>implementation for this until the specification catches up.
>
>  
>


