incubator-projects mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Angela Cymbalak <>
Subject Re: high level design from wiki
Date Wed, 23 Jul 2008 19:41:26 GMT
Can we just use jSecurity and let them deal with it? :-)


At 12:36 PM 7/22/2008, Roland Weber wrote:
>I had a quick look on randomly selected other
>application servers.
>Glassfish uses JAAS, but requires login modules to
>be derived from a SUN-specific class. It supports
>both LDAP and JDBC, though JDBC seems to be somewhat tricky.
>DB table layout looks similar to Tomcat, but Glassfish
>enforces password hashing.
>Jetty can use JAAS, but requires login modules to
>be derived from a Jetty-specific class. It has
>login modules for both LDAP and JDBC.
>DB table layout looks similar to Tomcat.
>I am beginning to feel like a DB user repository
>is not as problematic as I thought, since every
>app server we checked so far, except for WebSphere,
>comes with built-in support.
>On the other hand, I am beginning to wonder how
>useful JAAS really is for a security architecture,
>if every other app server requires login modules
>to be derived from a specific base class. Maybe
>we can at least use additional container agnostic
>JAAS modules to populate the Subject with the
>information that the access manager will need.
>   Roland
>To unsubscribe, e-mail:
>For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message