Darren, For now, I think it's an ESME solution. If I can generalize it, I'll back-port it to Lift.
Thanks, David On Tue, Jan 6, 2009 at 1:02 PM, Darren Hague <[email protected]> wrote: > As long as we can write such a plugin pretty quickly, then that sounds like > a good solution. > > David - do you see this kind of pluggable authentication going back into > Lift, or staying as part of ESME? > > It would be great if pluggable authentication made it into Lift, and was > then simply integrated into ESME as a result. I'm happy to help out where > I can (I know Java authentication & authorisation pretty well), but most > Lift-related code is still pretty opaque to me, unfortunately. > > Cheers, > Darren > > > > > David Pollak wrote: > >> On Tue, Jan 6, 2009 at 12:05 PM, Daniel Koller <[email protected] >> >wrote: >> >> >> >>> Hi, >>> >>> is it possible to standardize the interface from ESME to the servlet >>> container: >>> >>> >> >> >> I'd strongly prefer not to do that. It's fine for the auth plugin to do >> that, but this would mean that the container needs to support OpenID if an >> ESME instance is to support OpenID. >> >> >> >> >>> There are two relevant API calls in HttpServletRequest (which get feeded >>> from the container where they run in) >>> >>> - getUserPrincipal() >>> - isUserinrole() >>> >>> The main task would be that we in ESME we rely on the results of these >>> two >>> calls (however there will be OpenID/NTLM etc. specific handling in a >>> special >>> JAAS module with special database tables) >>> >>> Kind regards, >>> >>> Daniel >>> >>> On Tue, Jan 6, 2009 at 8:45 PM, David Pollak >>> <[email protected]>wrote: >>> >>> >>> >>>> Darren, >>>> >>>> I'm going to split out the auth part of ESME. There will a generic >>>> "auth >>>> data" table that will contain generic information for authentication >>>> schemes. Each scheme (and many schemes may be present simultaneously) >>>> >>>> >>> will >>> >>> >>>> write a row in the table. >>>> >>>> I'll write the openid plugin and you can write others. >>>> >>>> How does that sound? >>>> >>>> Thanks, >>>> >>>> David >>>> >>>> On Tue, Jan 6, 2009 at 10:51 AM, Darren Hague <[email protected]> >>>> wrote: >>>> >>>> >>>> >>>>> Quick notes from the 1st part of the Scrum call today (Dick to produce >>>>> notes from part 2). >>>>> >>>>> We need to look at auth approach, with JAAS preferred for J2EE >>>>> container-based authentication & authorisation. This will give easy >>>>> >>>>> >>>> access >>>> >>>> >>>>> to enterprise-based authentication systems. OpenID, while a good >>>>> >>>>> >>>> initial >>> >>> >>>> choice, is causing usability and technical problems and is of little >>>>> relevance to the enterprise context. >>>>> >>>>> Daniel will look at removing the OpenID dependency from ESME (mostly by >>>>> asking David and the rest of the Lift community) >>>>> Darren will look at doing a JAAS/Lift sample app which cas serve as the >>>>> basis for JAAS auths in ESME, and of course can be contributed back to >>>>> >>>>> >>>> Lift. >>>> >>>> >>>>> Cheers, >>>>> Darren >>>>> >>>>> >>>> >>>> >>>> -- >>>> Lift, the simply functional web framework http://liftweb.net >>>> Collaborative Task Management http://much4.us >>>> Follow me: http://twitter.com/dpp >>>> Git some: http://github.com/dpp >>>> >>>> >>>> >>> >>> -- >>> --- >>> Daniel Koller >>> Jahnstrasse 20 >>> 80469 München * [email protected] >>> >>> >>> >> >> >> >> >> > > -- Lift, the simply functional web framework http://liftweb.net Collaborative Task Management http://much4.us Follow me: http://twitter.com/dpp Git some: http://github.com/dpp
