geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jencks <david_jen...@yahoo.com>
Subject Re: Geronimo and Tivoli Access Manager (TAM)
Date Sat, 28 Jan 2006 18:36:30 GMT
Thanks for the info.  This helps give me some direction in what I was  
already planning to do :-)

Right now we are tied to the geronimo JACC implementation in roughly  
two places:

- the security builder is hard coded to recognize our particular  
schema for principal - role mapping

- the gbean that sets up the JACC PolicyConfiguration  
(ApplicationPolicyConfigurationManager) also sets up our proprietary  
extension handling principal-role mapping.

I plan to change this so that:

- processing security xml such as our principal-role mapping is done  
by a pluggable builder selected by namespace

- restricting the ApplicationPolicyConfigurationManager gbean to  
handle the JACC spec specific role - permission mapping  and  
delegating through a gbean reference to a new "RoleMapper" pluggable  
component that can install whatever proprietary information (in our  
case the principal-role mapping) the particual JACC implementation  
needs.

If I understand correctly we will be able to install a WAS -friendly  
JACC implementation that implements the WAS RoleConfigurationFactory  
and RoleConfiguration interfaces by defining a suitable schema,  
writing a builder that will process this xml format and configure the  
final piece, a gbean on our side implementing the "RoleMapper"  
interface that will use these WAS interfaces to configure the JACC  
implementation itself.


I'm moving this to the dev list since we are starting to talk about  
design :-)

Many thanks,
david jencks

On Jan 27, 2006, at 12:08 PM, Cristian Roldan wrote:

> Hi,
>    Some TAM-WAS-JACC docs.
>
> This is the WAS's infocenter .
>
> http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp? 
> topic=/com.ibm.websphere.express.doc/info/exp/ae/ 
> rsec_jacctroubles.html
>
>
> WAS 6 Security Handbook
>
> http://www.redbooks.ibm.com/abstracts/sg246316.html?Open
>
>
> Bye
>
> David Jencks <david_jencks@yahoo.com> escribió:
>
> On Jan 27, 2006, at 3:38 AM, Cristian Roldan wrote:
>
>> Hi,
>>
>> Should not be to difficult to create one though.
>>
>> Do you mean coding a JAAS module ?
>>
>> But my question ar:
>> Does geronimo support JACC ? if so can I use the Geronimo's JACC  
>> implementation to integrate with TAM ?
>>
>> Bye
>
> Geronimo supports JACC, but at the moment you can't really use  
> anything but Geronimo's JACC implementation.  I'm going to be  
> looking at making this pluggable very soon.
>
> Can you point to any documents indicating how TAM relates to  
> JACC?   The only JACC implementation I have seen is ours  so seeing  
> what other people get from the spec would be very useful :-)
>
> thanks
> david jencks
>
>>
>>
>>
>> Nicholas Irving <nirving@darkedges.com> escribió:
>> Hi,
>> I was not aware of a TAI available for Geronimo, but then again I  
>> was not aware of JACC in WebSphere 6. Should not be to difficult  
>> to create one though.
>>
>> NIrving
>>
>> From: Cristian Roldan [mailto:roldancer@yahoo.com.ar]
>> Sent: Friday, 27 January 2006 3:14 AM
>> To: user@geronimo.apache.org
>> Subject: Geronimo and Tivoli Access Manager (TAM)
>>
>> Hi All,
>>     Does someone configure Geronimo and TAM ? Is Geronimo's JACC  
>> interface mature enough ? Can I use Geronimo's JACC to integrate  
>> with TAM ? Any experience ?
>>
>> Thanks!!!
>> 1GB gratis, Antivirus y Antispam
>> Correo Yahoo!, el mejor correo web del mundo
>> Abrí tu cuenta aquí
>> --
>> No virus found in this incoming message.
>> Checked by AVG Free Edition.
>> Version: 7.1.375 / Virus Database: 267.14.23/240 - Release Date:  
>> 25/01/2006
>>
>> --
>> No virus found in this outgoing message.
>> Checked by AVG Free Edition.
>> Version: 7.1.375 / Virus Database: 267.14.23/242 - Release Date:  
>> 26/01/2006
>>
>>
>> 1GB gratis, Antivirus y Antispam
>> Correo Yahoo!, el mejor correo web del mundo
>> Abrí tu cuenta aquí
>
>
> __________________________________________________
> Correo Yahoo!
> Espacio para todos tus mensajes, antivirus y antispam ¡gratis!
> ¡Abrí tu cuenta ya! - http://correo.yahoo.com.ar


Mime
View raw message