geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Cabrera, Alan" <>
Subject RE: Apache Geronimo Security
Date Tue, 28 Oct 2003 16:46:37 GMT

All comments are welcome and yours are very pertinent.  


> -----Original Message-----
> From: Kevin Conner [] 
> Sent: Tuesday, October 28, 2003 5:23 AM
> To: ''
> Subject: RE: Apache Geronimo Security
> I hope you two don't mind me adding something to the 
> discussion, I hope it is pertinent.
> I have a login module that does something similar to what it 
> being proposed by Edward, the recursive mapping of the role 
> principals until no more mapping can be performed. Associated 
> with each of these roles are properties that are used to fine 
> tune the security or provide general user properties (the 
> user principal also has associated properties).
> I was asked to implement this because our clients required a 
> hierarchical approach to security; they wanted the ability to 
> specify a role in terms of other roles.
> This has worked very well in our environment and our 
> customers heavily use this capability, mapping the roles onto 
> their own organisational structure.
> IMHO the login module is the best place for this mapping, for 
> performance reasons if no other, and it would be easy to 
> abstract the recursive nature into a base class. I also 
> agree, again IMHO, that the login module is the best place 
> because the JAAS framework delegates this responsibility to 
> the login module.
> Once again, I hope you don't mind this intrusion.
> 	Kev

      Visit our Internet site at 

Get closer to the financial markets with Reuters Messaging - for more
information and to register, visit <> 

Any views expressed in this message are those of  the  individual sender,
except  where  the sender specifically states them to be the views of The
Reuters Group.

View raw message