tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Glenn Nielsen <gl...@voyager.apg.more.net>
Subject Re: First day - RE: PROPOSAL: Tomcat docs
Date Thu, 05 Jul 2001 11:47:49 GMT
Antony Bowesman wrote:
> 
> Punky Tse wrote:
> >
> > Rob,
> >     Please see below for rephrased version of Introduction and
> >     Administrator Guide.
> >
> > I combined the Introduction and Administrator's Guide to Administrator
> > Guide.  Actually this is my proposed TOC.  And I believe that we need
> > separate document for different Tomcat servers.  e.g. 3.3 and 4.0.
> >
> 
> <snip>
> 
> > II. Server Administration
> >
> > 6. Configuring Server
> >
> > 7. Configuring Web Applications
> >
> > 8. Security
> 
> How about
> 8.1 Concepts - Explanation of J2EE and Java 2 security models
> 8.2 Authentication with Realms
> 8.2.1 Simple realm
> 8.2.2 JDBC Realm
> 8.2.3 Custom realms
> 8.3 Authorization
> 8.3.1 J2EE role based
> 
> In particular, it should try to explain in simpler terms than the API
> spec how J2EE roles are designed to work, covering the mapping from
> developer roles to deployment roles.
> 
> 8.3.2 Java 2 security policy
> 

I would break the above into two sections.

Access Control (for all the Realm based access control)

and

Server Security (for configuring and using Tomcat with the Java SecurityManager)

These really are two completely different topics.  And use of Realms isn't
"Security", it is "Access Control".

Regards,

Glenn

----------------------------------------------------------------------
Glenn Nielsen             glenn@more.net | /* Spelin donut madder    |
MOREnet System Programming               |  * if iz ina coment.      |
Missouri Research and Education Network  |  */                       |
----------------------------------------------------------------------

Mime
View raw message