incubator-esme-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Darren Hague <dha...@fortybeans.com>
Subject Re: Scrum call summary (authentication section)
Date Tue, 06 Jan 2009 21:02:29 GMT
As long as we can write such a plugin pretty quickly, then that sounds 
like a good solution.

David - do you see this kind of pluggable authentication going back into 
Lift, or staying as part of ESME?

It would be great if pluggable authentication made it into Lift, and was 
then simply integrated into ESME as a result.    I'm happy to help out 
where I can (I know Java authentication & authorisation pretty well), 
but most Lift-related code is still pretty opaque to me, unfortunately.

Cheers,
Darren



David Pollak wrote:
> On Tue, Jan 6, 2009 at 12:05 PM, Daniel Koller <dakoller@googlemail.com>wrote:
>
>   
>> Hi,
>>
>> is it possible to standardize the interface from ESME to the servlet
>> container:
>>     
>
>
> I'd strongly prefer not to do that.  It's fine for the auth plugin to do
> that, but this would mean that the container needs to support OpenID if an
> ESME instance is to support OpenID.
>
>
>   
>> There are two relevant API calls in HttpServletRequest (which get feeded
>> from the container where they run in)
>>
>> - getUserPrincipal()
>> - isUserinrole()
>>
>> The main task would be that we in ESME we rely on the results of these two
>> calls (however there will be OpenID/NTLM etc. specific handling in a
>> special
>> JAAS module with special database tables)
>>
>> Kind regards,
>>
>> Daniel
>>
>> On Tue, Jan 6, 2009 at 8:45 PM, David Pollak
>> <feeder.of.the.bears@gmail.com>wrote:
>>
>>     
>>> Darren,
>>>
>>> I'm going to split out the auth part of ESME.  There will a generic "auth
>>> data" table that will contain generic information for authentication
>>> schemes.  Each scheme (and many schemes may be present simultaneously)
>>>       
>> will
>>     
>>> write a row in the table.
>>>
>>> I'll write the openid plugin and you can write others.
>>>
>>> How does that sound?
>>>
>>> Thanks,
>>>
>>> David
>>>
>>> On Tue, Jan 6, 2009 at 10:51 AM, Darren Hague <dhague@fortybeans.com>
>>> wrote:
>>>
>>>       
>>>> Quick notes from the 1st part of the Scrum call today (Dick to produce
>>>> notes from part 2).
>>>>
>>>> We need to look at auth approach, with JAAS preferred for J2EE
>>>> container-based authentication & authorisation. This will give easy
>>>>         
>>> access
>>>       
>>>> to enterprise-based authentication systems. OpenID, while a good
>>>>         
>> initial
>>     
>>>> choice, is causing usability and technical problems and is of little
>>>> relevance to the enterprise context.
>>>>
>>>> Daniel will look at removing the OpenID dependency from ESME (mostly by
>>>> asking David and the rest of the Lift community)
>>>> Darren will look at doing a JAAS/Lift sample app which cas serve as the
>>>> basis for JAAS auths in ESME, and of course can be contributed back to
>>>>         
>>> Lift.
>>>       
>>>> Cheers,
>>>> Darren
>>>>         
>>>
>>>
>>> --
>>> Lift, the simply functional web framework http://liftweb.net
>>> Collaborative Task Management http://much4.us
>>> Follow me: http://twitter.com/dpp
>>> Git some: http://github.com/dpp
>>>
>>>       
>>
>> --
>> ---
>> Daniel Koller
>> Jahnstrasse 20
>> 80469 M√ľnchen * dakoller@googlemail.com
>>
>>     
>
>
>
>   


Mime
View raw message