incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Noel J. Bergman" <n...@devtech.com>
Subject RE: [PROPOSAL] Incubate JSecurity Project
Date Sun, 08 Jun 2008 16:15:47 GMT
Frank W. Zammetti wrote:

> Noel J. Bergman wrote:
> > I also see that JSecurity web support relies on a return to
> > application-level security based on a filter, rather than rely on
container
> > management, which has evolved as a cornerstone of Java programming.
> >  The reliance on a filter is probably because JSecurity is not (yet?)
integrated
> > with the Java standards in the security space.
>
> I've been watching this proposal because I'm very interested in
> JSecurity as a whole, but I think Noel raises an interesting point
> here.  At least in Websphere, you can have container-managed security on
> the method-level for EJBs, which doesn't have to be called form a
> webapp, so a filter-based approach couldn't provide this.  I'd LOVE to
> be able to get rid of IBM's security subsystem and replace it with
> JSecurity, but if it can't allow the same sort of thing then I can't do
> that.

Orthogonal issue, but potentially instructive -- what don't you like about
IBM's subsystem?  FWIW, container-managed, role-based, authorization on web
contraints and EJB method permissions is straight from the specifications.

> Is that capability, or lack thereof, a limitation inherent in the
> approach JSecurity has taken, or is it just a case of a feature
> that is planned for down the road?

Possibly the latter, if they were to provide support for JACC
(http://java.sun.com/j2ee/javaacc/) aka JSR-115
(http://www.jcp.org/en/jsr/detail?id=115).

	--- Noel



---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message