On Fri, 10 May 2002 22:41, Gonzalo A. Diethelm wrote:
> > > * Are there any BASIC components/abstractions in Avalon to deal
> > > with security? By that I mean authentication and authorization
> > > (as in role-based permission management).
...
> Would there be any value in creating one? A very generic interface-
> based security abstraction?
Yes there is a bunch of interest :) Any serious application that needs to
add/remove Users to the system and to manage roles etc needs something to get
it going.
You may want to have a look at
jakarta-avalon-cornerstone/src/java/org/apache/avalon/cornerstone/services/security/*
It has some interfaces to define RoleManagement and Authorization. It does not
do any authentication management but it sorta assumed that JAAS would be used
for that.
> Something along the lines of:
Looks interesting but I would be more likely to use a system that used the
built in classes of JVM. ie User --> Principle, Action --> Permission.
>
> interface User {
> User(String identity);
> String getIdentity();
> }
>
> interface Credential {
> Credential(String data);
> String getData();
> }
>
> interface Authenticator {
> boolean checkUserCredential(User user, Credential credential);
> }
>
> interface Action {}
>
> interface Authorizer {
> boolean canUserDoThis(User user, Action action);
> }
>
> interface Session {
> void setUser(User user);
> User getUser();
>
> void setAuthenticator(Authenticator authenticator);
> Authenticator getAuthenticator();
>
> void setAuthorizer(Authorizer);
> Authorizer getAuthorizer();
>
> void authenticateUser(Credential credential);
> boolean isUserAuthenticated();
>
> boolean canUserDoThis(User user, Action action);
> }
--
Cheers,
Peter Donald
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
