portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jetspeed-...@jakarta.apache.org
Subject [jira] Created: (JS2-114) Provide a More Modular Security Implementation
Date Sat, 04 Sep 2004 22:14:36 GMT

  A new issue has been created in JIRA.

View the issue:

Here is an overview of the issue:
        Key: JS2-114
    Summary: Provide a More Modular Security Implementation
       Type: Improvement

     Status: Open
   Priority: Major

    Project: Jetspeed 2
   Fix Fors:

   Assignee: David Le Strat
   Reporter: David Le Strat

    Created: Sat, 4 Sep 2004 3:12 PM
    Updated: Sat, 4 Sep 2004 3:12 PM

The current security implementation makes it difficult to swap the default implementation
for another implementation.  Based on the security requirements, J2 users may want to:

- Persist users in various datastore.  This affect user security as well as user attributes.
- Persist role and group in various datastore.
- Map to multiple credentials.
- Change the default security mapping implementation.


- Provide a more modular security approach based on handlers for principals and credentials.
 The new security SPI model will introduce and AuthenticationProvider and a SecurityProvider.
 The AuthenticationProvider is essentially a utility/bridge class for the LoginModule.  The
SecurityProvider provides access through an SPI model to a UserSecurityHandler, CredentialHandler,
RoleHandler, GroupHandler, and SecurityMappingHandler.  The SecurityProvider is used by the
aggregate services (UserManager, RoleManager and GroupManager) and therefore allow substitution
of the backing store at the aggregate level.  The default implementation will essentially
provide the current implementation behavior but will facilitate the introduction of new backing

- The second step of this rework will address user attribute and provide the support for multiple
backing stores as well.  This will essentially require the ability to use a specific Prefs
implementation backing store.

This message is automatically generated by JIRA.

If you think it was sent incorrectly contact one of the administrators:

If you want more information on JIRA, or have a bug to report see:

To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org

View raw message