geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kevin Conner <Kevin.Con...@orchard-systems.co.uk>
Subject RE: Apache Geronimo Security
Date Tue, 28 Oct 2003 16:30:43 GMT
> Kewl, well I'm glad I'm not the only that see's the
> usefulness in a recursive solution.  I always thought
> that using just rolenames, was just a hack to an
> obviously recursive problem.

For the most part our security does rely on the roles, it's only
in very specific cases that it requires the property information.

The recursion is really an implementation detail of our module,
nothing more.  Each user is directly assigned to specific roles and
these roles can inherit other roles.  All my code does is walk
this hierarchy to produce a flat list of roles that is then
passed back via the login module.

> Man, sounds like an awesome LoginModule I would sure
> like to see it.  License (Apache, GPL, LGPL?).

It's really nothing special, just an example of why recursion
might be useful.  I still think it is the login module's
responsibility though :-)

> Do you have any comments on the SASL vs. GSSAPI debate?

I wouldn't say that I had enough experience of either to make
any comment but I am watching with interest ;-)

	Kev

Mime
View raw message