geronimo-dev mailing list archives

From "Cabrera, Alan" <Alan.Cabr...@reuters.com>
Subject RE: Apache Geronimo Security
Date Tue, 28 Oct 2003 16:46:37 GMT
Kevin,

All comments are welcome and yours are very pertinent.  

Regards,
Alan

> -----Original Message-----
> From: Kevin Conner [mailto:Kevin.Conner@orchard-systems.co.uk] 
> Sent: Tuesday, October 28, 2003 5:23 AM
> To: 'geronimo-dev@incubator.apache.org'
> Subject: RE: Apache Geronimo Security
> 
> 
> I hope you two don't mind me adding something to the 
> discussion, I hope it is pertinent.
> 
> I have a login module that does something similar to what is 
> being proposed by Edward, the recursive mapping of the role 
> principals until no more mapping can be performed. Associated 
> with each of these roles are properties that are used to fine 
> tune the security or provide general user properties (the 
> user principal also has associated properties).
> 
> I was asked to implement this because our clients required a 
> hierarchical approach to security; they wanted the ability to 
> specify a role in terms of other roles.
> 
> This has worked very well in our environment and our 
> customers heavily use this capability, mapping the roles onto 
> their own organisational structure.
> 
> IMHO the login module is the best place for this mapping, for 
> performance reasons if no other, and it would be easy to 
> abstract the recursive nature into a base class. I also 
> agree, again IMHO, that the login module is the best place 
> because the JAAS framework delegates this responsibility to 
> the login module.
> 
> Once again, I hope you don't mind this intrusion.
> 
> 	Kev
> 
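
The recursive role mapping described in the quoted message, as an added example that is not part of the original thread and is not Geronimo's code: a helper that a JAAS login module could call from `commit()` to expand the directly granted roles through a role hierarchy until no new role appears. The names `RoleExpander` and `RolePrincipal` and the sample hierarchy are assumptions made for illustration.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;

// Hypothetical names throughout: RoleExpander, RolePrincipal and the sample
// hierarchy are constructed for illustration, not taken from Geronimo.
public class RoleExpander {
    // Minimal role principal; a real module would also carry per-role properties.
    record RolePrincipal(String name) implements Principal {
        public String getName() { return name; }
    }

    // role -> the roles it is defined in terms of (the roles it implies)
    private final Map<String, Set<String>> impliedRoles;

    RoleExpander(Map<String, Set<String>> impliedRoles) { this.impliedRoles = impliedRoles; }

    // Worklist closure: keep mapping until no new role appears. The 'seen' set
    // makes a cyclic definition (a -> b -> a) terminate instead of looping forever.
    Set<String> expand(Collection<String> directRoles) {
        Set<String> seen = new LinkedHashSet<>();
        Deque<String> pending = new ArrayDeque<>(directRoles);
        while (!pending.isEmpty()) {
            String role = pending.pop();
            if (seen.add(role)) {
                pending.addAll(impliedRoles.getOrDefault(role, Set.of()));
            }
        }
        return seen;
    }

    // The step a LoginModule.commit() would perform once authentication succeeded.
    void addRoles(Subject subject, Collection<String> directRoles) {
        for (String role : expand(directRoles)) {
            subject.getPrincipals().add(new RolePrincipal(role));
        }
    }

    public static void main(String[] args) {
        // Constructed hierarchy with a deliberate cycle: auditor <-> reviewer.
        Map<String, Set<String>> hierarchy = Map.of(
            "regional-manager", Set.of("team-lead", "auditor"),
            "team-lead", Set.of("employee"),
            "auditor", Set.of("reviewer"),
            "reviewer", Set.of("auditor"));
        Subject subject = new Subject();
        new RoleExpander(hierarchy).addRoles(subject, List.of("regional-manager"));
        subject.getPrincipals().forEach(p -> System.out.println(p.getName()));
    }
}
```

Because every implied role widens what the subject may do, the hierarchy definition needs the same change control as the role assignments themselves.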

