Return-Path: Delivered-To: apmail-jakarta-jetspeed-dev-archive@www.apache.org Received: (qmail 72041 invoked from network); 15 Apr 2004 22:59:31 -0000 Received: from daedalus.apache.org (HELO mail.apache.org) (208.185.179.12) by minotaur-2.apache.org with SMTP; 15 Apr 2004 22:59:31 -0000 Received: (qmail 27477 invoked by uid 500); 15 Apr 2004 22:59:14 -0000 Delivered-To: apmail-jakarta-jetspeed-dev-archive@jakarta.apache.org Received: (qmail 27456 invoked by uid 500); 15 Apr 2004 22:59:14 -0000 Mailing-List: contact jetspeed-dev-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Help: List-Post: List-Id: "Jetspeed Developers List" Reply-To: "Jetspeed Developers List" Delivered-To: mailing list jetspeed-dev@jakarta.apache.org Received: (qmail 27440 invoked from network); 15 Apr 2004 22:59:13 -0000 Received: from unknown (HELO post-21.mail.nl.demon.net) (194.159.73.20) by daedalus.apache.org with SMTP; 15 Apr 2004 22:59:13 -0000 Received: from [82.161.89.203] (helo=hellraiser3) by post-21.mail.nl.demon.net with esmtp (Exim 3.36 #2) id 1BEFpI-000CPe-00; Thu, 15 Apr 2004 22:59:20 +0000 Message-ID: <005901c4233d$5a7bb350$0202a8c0@hellraiser3> Reply-To: "Ate Douma" From: "Ate Douma" To: "David Le Strat" , "Jetspeed Developers List" References: <20040415213745.16417.qmail@web40210.mail.yahoo.com> Subject: Re: [J2] RFI: Security implementation (2) Date: Fri, 16 Apr 2004 00:59:48 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N David Le Strat wrote: > Ate, > > I agree with you that this could be an interesting > feature. I was not planning on implementing this > initially. Be we should be able to incorporate this > easily though. Anyone want to take this on? Great to hear. I think the required changes for implementing this could be relatively small. Adding a boolean disabled attribute to o.a.j.security.BasePrincipal would do it (and of course BasePrincipalImpl and the object model behind it). The LoginModule, UserManager, GroupManager and RoleManager then can decide on this attribute if the Principal may be used (in isUserInRole(), isGroupInRole(), etc.) Maybe I'll can spend some personal time on this in a few weeks time. If somebody beats me to it, well I won't mind :-) Ate > > David. > > --- Ate Douma wrote: >> One more think I like to know about the (future) >> security implementation: >> >> I have the requirement to be able to disable a user, >> a role and/or a group. >> In J1 a user can be disabled but not a role or a >> group. >> I guess disabling users will be supported by J2 to >> allow migration from J1 >> but what about roles and groups? >> >> It would allow for really advanced access management >> in J2 without it >> getting in the way for who doesn't need it (could >> even be *hidden* through >> configuration if needed). >> >> To have this standard available in J2 would be very >> nice, not only for me >> but I think for most large J2 implementations. >> Implementation itself would >> be quite easy and the gain enormous. >> >> Is this something which I may expect to be >> implemented, must I create a >> feature request for it first, or will this never be >> part of the default J2 >> (in which case I will be required to change J2 to be >> able to implement >> it). >> >> Regards, Ate >> >> > --------------------------------------------------------------------- >> To unsubscribe, e-mail: >> jetspeed-dev-unsubscribe@jakarta.apache.org >> For additional commands, e-mail: >> jetspeed-dev-help@jakarta.apache.org >> > > > > > > __________________________________ > Do you Yahoo!? > Yahoo! Tax Center - File online by April 15th > http://taxes.yahoo.com/filing.html --------------------------------------------------------------------- To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org