geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alan D. Cabrera" <...@toolazydogs.com>
Subject RE: Conceptual problem with security auto-mapping?
Date Sat, 20 Nov 2004 01:47:08 GMT


> -----Original Message-----
> From: David Jencks [mailto:djencks@apache.org]
> Sent: Friday, November 19, 2004 7:50 PM
> 
> I think there is a conceptual problem with the current auto-mapping
> security code.
> 
> This should be done at deployment time (soon it will even be possible
> for web apps).
> 
> However, the realms needed are going to be part of the server
> configuration, not the ("static") deployment configuration.  Therefore
> they may or may not be started at deployment time.  It looks to me as
> if the automapping requires the realm to be running in order to get
the
> default principal and set of principal classes.
> 
> So far I don't see a good solution to this problem.  Ideas?

Here are my feelings:

- The roles should be auto mapped at deployment time.  The auto
generated role mappings are frozen at deployment time; this keeps things
tractable. 
- The auto mappers should be divorced from the security realms.
- We need to add live mapping mechanisms to our JAAC policy
configurations but, this is a separate paradigm from auto mapping.

Regards,
Alan



Mime
View raw message