On Thu, Jun 21, 2001 at 04:14:28PM -0400, Berin Loritsch wrote:
> Martin Man wrote:
> >
> > hi,
> > I agree with you completely (although must say that haven't got a
> > chance to take a look at JAAS deeply) because I was also already thinking
> > about the uniform API for authentication (to be incorporated with validators -
> > session creation, etc.)...
>
> Quick summary: JAAS is Java's version of PAM for your application. It is
> pluggable, configurable, and allows you to control how information
> is displayed.
>
o.k., then I'm enthusiasted and I'm going to study JAAS :-))
> > ... and I've seen that until now we (me) are rather duplicating lot of
> > things that have been done by servlet api's basic-auth and form-auth (which
> > are IMO useless for cocoon itself, cause they can protect only whole servlet)
>
> This is true. I don't like the Servlet API's "auth" methods because they are
> not customizable, and you can't make it work from your own database without
> hacking the ServletEngine.
>
> > ... and I also would like to see it embeded somewhere in the sitemap
> > syntax, because resource protection and authentication is part of every webapp
> > nowadays so why still hack around with some custom-made actions, validators,
> > etc. (not even mentioning possible kerberos incorporation)... would this be
> > possible with JAAS easily (presumming sitemap or cocoon.xconf will be
> > involved)... something like PAM under linux is doing
>
> That was my whole point. You would be able to allow only certain Principals
> to view certain pages.
>
rgds,
martin
--
-------------------------------------------------------------------------------
"Only dead fish swims with a stream"
gpg_key_available: http://globales.cz/~mman/martin.man.gpg
gpg_key_fingerprint: 2CC0 4AF6 92DA 5CBF 5F09 7BCB 6202 7024 6E06 0223
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
