geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Scott Clasen <tickt...@speakeasy.net>
Subject Re: J2EE security
Date Tue, 12 Aug 2003 22:50:32 GMT
I wasnt so much talking about plugability in the JAAS sense, clearly we 
can have a JAAS module for each type of Security System. JAAS is the way 
to go. What I was trying to describe was to provide an easy, declarative 
way of mapping physical Users and Groups  into logical roles defined in 
app deployment descriptors. Something akin to a Websphere Custom User 
Registry, but with no coding required.

For user based stuff I would envision the same type of declarative "User 
Profile" which could be placed in the Subject's credentials, and back 
out into the app through a JAAS login, but  again some standard User 
Profile interface with different implementations for various security 
providers.



Nash Foster wrote:

>On Tue, 2003-08-12 at 10:18, Scott Clasen wrote:
>  
>
>>I too believe that Geronimo should be able integrate with existing user 
>>management tools, through a 
>>layer that makes it very easy to "plug-in" different security providers. 
>> Maybe with some sort of security-mapping deployment descriptor
>>that describes how to get infotmation from say, Active Directory, into 
>>the J2EE security context.
>>    
>>
>
>This is what JAAS does; its based upon PAM. Check it out:
>http://java.sun.com/products/jaas/index-10.html
>
>Geronimo should satisfy this requirement.
>
>-nash
>
>
>
>***********************************************************************
>This message is intended only for the use of the intended recipient and
>may contain information that is PRIVILEGED and/or CONFIDENTIAL.  If you
>are not the intended recipient, you are hereby notified that any use,
>dissemination, disclosure or copying of this communication is strictly
>prohibited.  If you have received this communication in error, please
>destroy all copies of this message and its attachments and notify us
>immediately.
>***********************************************************************
>
>  
>




Mime
View raw message