Message-ID: <3F396F38.1070601@speakeasy.net>
Date: Tue, 12 Aug 2003 18:50:32 -0400
From: Scott Clasen
To: Nash Foster
CC: geronimo-dev@incubator.apache.org
Subject: Re: J2EE security

I wasn't so much talking about pluggability in the JAAS sense; clearly we can have a JAAS module for each type of Security System. JAAS is the way to go.

What I was trying to describe was to provide an easy, declarative way of mapping physical Users and Groups into logical roles defined in app deployment descriptors. Something akin to a WebSphere Custom User Registry, but with no coding required.

For user-based stuff I would envision the same type of declarative "User Profile" which could be placed in the Subject's credentials, and back out into the app through a JAAS login, but again some standard User Profile interface with different implementations for various security providers.

Nash Foster wrote:

>On Tue, 2003-08-12 at 10:18, Scott Clasen wrote:
>
>>I too believe that Geronimo should be able to integrate with existing user
>>management tools, through a
>>layer that makes it very easy to "plug-in" different security providers.
>> Maybe with some sort of security-mapping deployment descriptor
>>that describes how to get information from say, Active Directory, into
>>the J2EE security context.
>
>This is what JAAS does; it's based upon PAM. Check it out:
>http://java.sun.com/products/jaas/index-10.html
>
>Geronimo should satisfy this requirement.
>
>-nash
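
The declarative user/group-to-role mapping proposed in this message, as an added example that is not part of the original e-mail and is not Geronimo code. The `RoleMapper` and `NamedPrincipal` classes and the `role = kind:name, ...` descriptor format are hypothetical; only `Subject`, `Principal` and `Properties` are real JDK APIs.

```java
import java.io.IOException;
import java.io.StringReader;
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;

// Hypothetical sketch: RoleMapper, NamedPrincipal and the descriptor format
// are assumptions for illustration, not Geronimo or J2EE APIs.
public class RoleMapper {
    // Stand-in for the principals a JAAS LoginModule would attach to the Subject.
    static final class NamedPrincipal implements Principal {
        final String kind, name;   // kind is "user" or "group"
        NamedPrincipal(String kind, String name) { this.kind = kind; this.name = name; }
        @Override public String getName() { return name; }
    }

    private final Properties mapping = new Properties();
    RoleMapper(String descriptor) throws IOException {
        mapping.load(new StringReader(descriptor));
    }

    // Returns the logical roles granted to the Subject. Default deny: a principal
    // that no descriptor line names contributes nothing.
    Set<String> rolesFor(Subject subject) {
        Set<String> roles = new TreeSet<>();
        for (String role : mapping.stringPropertyNames()) {
            for (String entry : mapping.getProperty(role).split(",")) {
                String[] parts = entry.trim().split(":", 2);
                if (parts.length != 2) continue;   // malformed entry grants nothing
                for (NamedPrincipal p : subject.getPrincipals(NamedPrincipal.class)) {
                    // Kind and name must both match, so a user called "admins"
                    // does not pick up roles mapped to the group "admins".
                    if (p.kind.equals(parts[0]) && p.name.equals(parts[1])) roles.add(role);
                }
            }
        }
        return roles;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample descriptor: logical role = physical users/groups.
        String descriptor = "manager = group:finance-leads, user:alice\n"
                          + "auditor = group:admins\n";
        Subject s = new Subject();
        s.getPrincipals().add(new NamedPrincipal("user", "admins"));
        s.getPrincipals().add(new NamedPrincipal("group", "finance-leads"));
        System.out.println(new RoleMapper(descriptor).rolesFor(s));
    }
}
```

The sample Subject holds a user principal named "admins" and a group principal "finance-leads"; only the group entry matches the descriptor, so the user/group namespace separation keeps the `auditor` role from being granted.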