As long as we can write such a plugin pretty quickly, then that sounds
like a good solution.
David - do you see this kind of pluggable authentication going back into
Lift, or staying as part of ESME?
It would be great if pluggable authentication made it into Lift, and was
then simply integrated into ESME as a result. I'm happy to help out
where I can (I know Java authentication & authorisation pretty well),
but most Lift-related code is still pretty opaque to me, unfortunately.
Cheers,
Darren
David Pollak wrote:
On Tue, Jan 6, 2009 at 12:05 PM, Daniel Koller <[email protected]>wrote:
Hi,
is it possible to standardize the interface from ESME to the servlet
container:
I'd strongly prefer not to do that. It's fine for the auth plugin to do
that, but this would mean that the container needs to support OpenID if an
ESME instance is to support OpenID.
There are two relevant API calls in HttpServletRequest (which get feeded
from the container where they run in)
- getUserPrincipal()
- isUserinrole()
The main task would be that we in ESME we rely on the results of these two
calls (however there will be OpenID/NTLM etc. specific handling in a
special
JAAS module with special database tables)
Kind regards,
Daniel
On Tue, Jan 6, 2009 at 8:45 PM, David Pollak
<[email protected]>wrote:
Darren,
I'm going to split out the auth part of ESME. There will a generic "auth
data" table that will contain generic information for authentication
schemes. Each scheme (and many schemes may be present simultaneously)
will
write a row in the table.
I'll write the openid plugin and you can write others.
How does that sound?
Thanks,
David
On Tue, Jan 6, 2009 at 10:51 AM, Darren Hague <[email protected]>
wrote:
Quick notes from the 1st part of the Scrum call today (Dick to produce
notes from part 2).
We need to look at auth approach, with JAAS preferred for J2EE
container-based authentication & authorisation. This will give easy
access
to enterprise-based authentication systems. OpenID, while a good
initial
choice, is causing usability and technical problems and is of little
relevance to the enterprise context.
Daniel will look at removing the OpenID dependency from ESME (mostly by
asking David and the rest of the Lift community)
Darren will look at doing a JAAS/Lift sample app which cas serve as the
basis for JAAS auths in ESME, and of course can be contributed back to
Lift.
Cheers,
Darren
--
Lift, the simply functional web framework http://liftweb.net
Collaborative Task Management http://much4.us
Follow me: http://twitter.com/dpp
Git some: http://github.com/dpp
--
---
Daniel Koller
Jahnstrasse 20
80469 München * [email protected]
