geronimo-dev mailing list archives

From Edward Flick <>
Subject RE: Apache Geronimo Security
Date Tue, 28 Oct 2003 15:43:53 GMT
Kewl, well I'm glad I'm not the only one that sees the
usefulness in a recursive solution.  I always thought
that using just rolenames was just a hack to an
obviously recursive problem.

Man, sounds like an awesome LoginModule. I would sure
like to see it.  License (Apache, GPL, LGPL?).  Do you
have any comments on the SASL vs. GSSAPI debate?


--- Kevin Conner <>
> I hope you two don't mind me adding something to the discussion, I hope it
> is pertinent.
>
> I have a login module that does something similar to what is being proposed
> by Edward, the recursive mapping of the role principals until no more
> mapping can be performed.
>
> Associated with each of these roles are properties that are used to fine
> tune the security or provide general user properties (the user principal
> also has associated properties).
>
> I was asked to implement this because our clients required a hierarchical
> approach to security; they wanted the ability to specify a role in terms of
> other roles.
>
> This has worked very well in our environment and our customers heavily use
> this capability, mapping the roles onto their own organisational structure.
>
> IMHO the login module is the best place for this mapping, for performance
> reasons if no other, and it would be easy to abstract the recursive nature
> into a base class.
>
> I also agree, again IMHO, that the login module is the best place because
> the JAAS framework delegates this responsibility to the login module.
>
> Once again, I hope you don't mind this intrusion.
>
> 	Kev

Edward Flick
Enterprise Applications Designer / Database Administrator / Web Administrator
CDF, Inc.
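
The recursive role mapping discussed in this message, as an added example that is not part of the original thread and is not Kevin's login module: roles granted at login are expanded through a role-to-roles mapping until no new role appears, and the result is attached to the JAAS `Subject` once, at commit time. `RolePrincipal`, `expand`, `addRoles` and the role names are hypothetical; the mapping is constructed sample data and includes a cycle to show that expansion still terminates.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;

public class RecursiveRoleMapping {
    // Hypothetical principal type; a real login module would use its own.
    record RolePrincipal(String name) implements Principal {
        @Override public String getName() { return name; }
    }

    // Expand directly granted roles into every role they map to, transitively.
    // Each role is expanded only once, so a cyclic definition (a -> b -> a)
    // cannot loop forever or grant anything beyond the reachable set.
    static Set<String> expand(Set<String> direct, Map<String, Set<String>> mapping) {
        Set<String> resolved = new LinkedHashSet<>();
        Deque<String> pending = new ArrayDeque<>(direct);
        while (!pending.isEmpty()) {
            String role = pending.pop();
            if (!resolved.add(role)) continue;   // already expanded
            pending.addAll(mapping.getOrDefault(role, Set.of()));
        }
        return resolved;
    }

    // What a LoginModule.commit() could do after authentication succeeded:
    // the mapping is resolved once here, not on every authorization check.
    static void addRoles(Subject subject, Set<String> direct,
                         Map<String, Set<String>> mapping) {
        for (String role : expand(direct, mapping)) {
            subject.getPrincipals().add(new RolePrincipal(role));
        }
    }

    public static void main(String[] args) {
        // Constructed sample mapping with a deliberate cycle
        // (auditor -> regional-manager -> auditor).
        Map<String, Set<String>> mapping = Map.of(
            "regional-manager", Set.of("team-lead", "auditor"),
            "team-lead", Set.of("employee"),
            "auditor", Set.of("employee", "regional-manager"));
        Subject subject = new Subject();
        addRoles(subject, Set.of("regional-manager"), mapping);
        subject.getPrincipals().forEach(p -> System.out.println(p.getName()));
    }
}
```

Reviewing the mapping itself matters as much as the code: because expansion is transitive, adding one edge to a widely held role grants everything reachable from it.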