geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Cabrera, Alan" <Alan.Cabr...@reuters.com>
Subject RE: Jetty and JACC
Date Thu, 20 Nov 2003 21:29:51 GMT
Jan,

Thanks for the quick reply.

> -----Original Message-----
> From: Jan Bartel [mailto:janb@mortbay.com] 
> 
> You don't necessarily have to replace a particular Jetty Handler. 
> Handlers are arranged in a chain, so to introduce new behaviour it is 
> possible to just insert another Handler in the chain. Not 
> sure if this 
> will be possible here or not.

It's not possible since the web container must solely rely on the JACC
permission check.  If I put a JaccHandler in the chain, after the
SecurityHandler, it effectively short circuits the JACC permission check.
If I put the JaccHandler before the SecurityHandler, it virtually removes
the SecurityHandler.

> Also, there is an access point into the web app context that 
> is called 
> as a thread enters and leaves a web app which might be 
> another place to 
> look at if you need to set up any thread local stuff (we've already 
> subclassed the standard Jetty web app as 
> o.a.g.w.jetty.JettyWebApplicationContext).

Good idea.  Thanks for the pointer.

> Finally, however it is done, we need to keep in mind that we 
> must also 
> be able to plug-in other web containers.

Yep, I think I'm there on that account w/ the basic building blocks, their
mbeans, and utility classes.

> Let me have a read of the JACC spec so I have a better understanding 
> what is required and I can comment better.

Some advice, skim chapter three.  It's a tedious spec on how to translate
the descriptors into sets of Permissions.  Chapter 4 is where the tire hits
the road, more specifically section 4.2.


Regards,
Alan


---------------------------------------------------------------- 
      Visit our Internet site at http://www.reuters.com 

Get closer to the financial markets with Reuters Messaging - for more
information and to register, visit <http://www.reuters.com/messaging> 

Any views expressed in this message are those of  the  individual sender,
except  where  the sender specifically states them to be the views of The
Reuters Group.

Mime
View raw message