On 26 Jan 2006, at 23:18, Dain Sundstrom wrote:
On Jan 26, 2006, at 3:03 PM, David Jencks wrote:
Security
Several of us are already looking at various things to improve in
our security setup. One aspect that could probably use quite a
bit more research is how to integrate with third party security
servers. I see 2 levels of integration, one where the security
server provides a Subject and we deal with authorization based on
the principals supplied, the other where we delegate the
authorization decisions as well to the security server.
I'd love to see an integration with http://jpam.sourceforge.net/
Also, I think we should look at providing built in simple user
management apis and a console plugin. I'm thinking of something
that covers the 80% of use cases, username/password + groups, with
the ability to add, remove, modify and suspend accounts.
I've heard good things about Acegi
http://acegisecurity.org/
and its already nicely IoC'd as its used extensively in Spring projects
James
-------
http://radio.weblogs.com/0112098/
