Hi, Yes we it is better to use standard interfaces, we can use JAAS, I am not sure, but it seems JAAS is added to JDK 1.4 and it is possible to download it for JDK 1.3. It has configuration files, plugable login modules , principals, groups ... , but I think we will need it only for authentication ( LoginContext, LoginModule, Subject ), authorization must be more flexible. we will need this logic : 1. " Subject Has Permission on Class" 2. " Subject Has Permission on Method" 3. " Subject Has Permission on Object" JAAS will not help for this authorization, it because we must grant some permissions on runtime. Good examples for security (Authorization) design is jakarta-slide and www.jboss.org
> Hi Jouzas, > we talked about Security in the persistence classes > some days ago (read and write access). How about > using the java.security.acl interfaces for the > implementation or do you tend towards something > homegrown? > > ~Gerhard > > "Eagles may soar, but weasels don't get > sucked into jet engines. > (Todd C. Somers)" > > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>