Steve Freeman
Mon, 26 Feb 2001 10:31:57 -0800
Santiago, The problem is that the built-in code is per-process (read: per-JVM) and it not the required per-thread which we need for Jetspeed. So we couldn't use the internal stuff without extending the Jetspeed code to do the ACL checking. Let me be *very* clear: The Jetspeed code *must* initiate the ACL processing. JAAS allows you to plug in new auth mechanisms. It still has the problem as per the above statement. Thomas, I've looked into the built-in mechanisms for my own work. The framework consists of a set of interface classes. Sun provides a default implementation as the com.sun.* classes (I forget the rest of the naming, it's been awhile). Suffice it to say that the framework is very flexible and will allow us to implement the security mechanisms as we see fit. We just need to plug in the right classes. Steve -- -------------------------------------------------------------- To subscribe: [EMAIL PROTECTED] To unsubscribe: [EMAIL PROTECTED] Search: <http://www.mail-archive.com/jetspeed@list.working-dogs.com/> List Help?: [EMAIL PROTECTED]