Return-Path: Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm Delivered-To: mailing list tomcat-dev@jakarta.apache.org Received: (qmail 15596 invoked from network); 25 Oct 1999 21:57:55 -0000 Received: from pasiphae.xerox.com (HELO pasiphae.eastgw.xerox.com) (root@208.140.33.23) by apache.org with SMTP; 25 Oct 1999 21:57:55 -0000 Received: from pmdf2.cinops.xerox.com (pmdf2.cinops.xerox.com [13.250.20.176]) by pasiphae.eastgw.xerox.com (8.9.3/8.9.3) with ESMTP id RAA24378 for ; Mon, 25 Oct 1999 17:57:49 -0400 (EDT) Received: from CONVERSION-DAEMON by mail.xerox.com (PMDF V5.1-12 #U3277) id <01JHK6PIVIW09KMFCA@mail.xerox.com> for tomcat-dev@jakarta.apache.org; Mon, 25 Oct 1999 17:57:43 EDT Received: from usaxeroxbh1.USA.XEROX.COM by mail.xerox.com (PMDF V5.1-12 #U3277) with ESMTP id <01JHK6P8SLS29KMFUX@mail.xerox.com> for tomcat-dev@jakarta.apache.org; Mon, 25 Oct 1999 17:57:26 -0400 (EDT) Received: by usaxeroxbh1.usa.xerox.com with Internet Mail Service (5.5.2448.0) id ; Mon, 25 Oct 1999 17:56:21 -0400 Content-return: allowed Date: Mon, 25 Oct 1999 17:56:20 -0400 From: "Carreira, Jason" Subject: RE: cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/core R equestAdapter.java RequestAdapterImpl.java To: "'tomcat-dev@jakarta.apache.org'" Message-id: MIME-version: 1.0 X-Mailer: Internet Mail Service (5.5.2448.0) Content-type: text/plain; charset=iso-8859-1 Content-transfer-encoding: 7BIT > I see 3 solutions: > - ServerAdapter ( isUserInRole() is not request-specific, you > can call it for any user, and outside > a Request context). Defaults should be used if the server > doesn't support that ( IIS, etc), in > case the adapter doesn't support it > > - Make it a "deployment" issue ( how we configure to keep the > configs in sync ). > > - make it part of the "security" framework. You can have an > "ApacheRealm", and do > security callbacks to apache. Again - we need an interface > to allow callbacks to Apache, > but in this case the "Adapter" needs to provide generic > support for callbacks, and you > can use in the security framework. > Just my $.02, but I think it would make the most sense to have a ServerAdapter for lots of server-specific services, one of which would be a getRealmAdapter() or somesuch to get an instance of a security framework service provider (the ServerAdapter would know what security framework service provider it wants to use)... kind of a combination of your 1 and 3... then you could have an ApacheServerAdapter that talks specifically to Apache, and an ApacheRealmAdapter that does authentication and role-to-group mapping...