incubator-projects mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Angela Cymbalak <a.cymba...@nechtan.org>
Subject Re: high level design from wiki
Date Wed, 23 Jul 2008 19:41:26 GMT
Can we just use jSecurity and let them deal with it? :-)

Angie

At 12:36 PM 7/22/2008, Roland Weber wrote:
>I had a quick look on randomly selected other
>application servers.
>
>Glassfish uses JAAS, but requires login modules to
>be derived from a SUN-specific class. It supports
>both LDAP and JDBC, though JDBC seems to be somewhat tricky.
>DB table layout looks similar to Tomcat, but Glassfish
>enforces password hashing.
>https://glassfish.dev.java.net/javaee5/security/faq.html#pluglogin
>http://codepimpsdotorg.blogspot.com/2007/12/glassfish-jdbc-realm-authentication.html
>
>
>Jetty can use JAAS, but requires login modules to
>be derived from a Jetty-specific class. It has
>login modules for both LDAP and JDBC.
>DB table layout looks similar to Tomcat.
>http://docs.codehaus.org/display/JETTY/JAAS
>
>
>I am beginning to feel like a DB user repository
>is not as problematic as I thought, since every
>app server we checked so far, except for WebSphere,
>comes with built-in support.
>
>On the other hand, I am beginning to wonder how
>useful JAAS really is for a security architecture,
>if every other app server requires login modules
>to be derived from a specific base class. Maybe
>we can at least use additional container agnostic
>JAAS modules to populate the Subject with the
>information that the access manager will need.
>
>cheers,
>   Roland
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: projects-unsubscribe@incubator.apache.org
>For additional commands, e-mail: projects-help@incubator.apache.org
>



---------------------------------------------------------------------
To unsubscribe, e-mail: projects-unsubscribe@incubator.apache.org
For additional commands, e-mail: projects-help@incubator.apache.org


Mime
View raw message