geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jencks <>
Subject Re: JACC
Date Wed, 26 Apr 2006 23:14:38 GMT

On Apr 26, 2006, at 1:43 PM, David Jencks wrote:

> On Apr 26, 2006, at 1:16 AM, wrote:
>> I'm implementing the Provider Contract of the JACC specs as we  
>> speak. Since the specs aren't very clear I am consulting Jonas,  
>> JBoss and Geronimo implementations to clear up any unknowns. I  
>> have noticed that the GeronimoPolicyConfiguration class doesn't  
>> check the "setPolicy" permission on a number of methods even  
>> though this is required by the specs.
>> I believe this should be fixed in order for Geronimo to be truly  
>> JSR-115 compliant.
> As Alan said, please file a jira pointing out where the problems are.
>> Furthermore the linkConfiguration method isn't implemented. I did  
>> provide an implementation for this method which I'd be happy to  
>> share for what it's worth with the developer(s) in charge of  
>> Geronimo JACC. Obviously I made an educated guess at this  
>> implementation as again, the specs are highly unclear on this.
> Do you think our implementation has incorrect behavior?  My opinion  
> is that our implementation does not need the linkConfiguration  
> method to do anything, although we call it per the spec.  I'd like  
> to know what you think our implementation needs to do differently.   
> I certainly agree about the clarity of the specs :-)

I talked with Alan some more on IRC and that refreshed my memory of  
what is going on here.  AFAICT the linkConfiguration method is  
intended to spread around whatever proprietary information such as  
principal <> role mapping that the jacc provider requires, among the  
modules in a j2ee application.  In geronimo, we enforce that you can  
specify this information in only one place per ear, so there is no  
need to spread it over the different modules.  However, it would be a  
good idea to implement linkConfiguration so that our jacc provider  
could be used in other containers.  If you want to come up with a  
patch for that we'd be happy to take a look.

david jencks

> thanks
> david jencks
>> Cheers,
>> Peter

View raw message