geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alan D. Cabrera" <...@toolazydogs.com>
Subject RE: [security] Authentication mechanism
Date Thu, 27 Nov 2003 20:05:23 GMT
All the roles and permissions are in the web.xml.  What do you mean by
the dynamic
granting of roles to users?
 
 
Regards,
Alan

	-----Original Message----- 
	From: Jan Bartel 
	Sent: Thu 11/27/2003 3:51 AM 
	To: geronimo-dev@incubator.apache.org 
	Cc: 
	Subject: Re: [security] Authentication mechanism
	
	

	Just to add to my list of questions ...
	
	How does the current mechanism implemented in
	o.a.g.security.PolicyConfigurationWeb.commit() cope with the
dynamic
	granting of roles to users? Looks like it is all set in concrete
at the
	time of the commit(), or are the roles and permissions concerned
those
	described in the web.xml?
	
	thanks again
	Jan
	
	
	
	Jan Bartel wrote:
	> I'm just taking a look at integrating the web tier security
with
	> Geronimo security. I've got a couple of questions:
	>
	> 1.  When/who should call setMBeanServer on the
	>     GeronimoLoginConfiguration? Should I call it
	>     just before doing a LoginContext login() call?
	>
	>
	> 2.  What code is responsible for configuring the SecurityRealm
	>     instances? Should they be configurable from the
	>     security-service.xml file?
	>
	> 3.  I still can't work out where the mapping of the user's
roles
	>     that are retrieved by the SecurityRealm are turned into
permissions
	>     suitable for a HttpRequest.isUserInRole() call impl?
	>
	> Any pointers on any of these would be welcome.
	>
	> thanks
	> Jan
	
	
	

Mime
View raw message