that describes how to get information from say, Active Directory, into the J2EE security context.
As well, I think it would be a great value add to provide a standard set of interfaces, and backing implementations, for making more granular "user based" run time decisions. The J2EE role based stuff can be useful, but in many cases doesn't go far enough to enable you to make the decisions you need to make in an application. Again it would be nice to provide a declarative mechanism for mapping this type of information into the "User Profile".
Scott C
I'd love to be able to use existing user management tools like Active Directory, Entrust, or ACE to handle user setup, configuration, and authentication. So, I'd suggest building one solid and secure mechanism into Geronimo and then spend effort integrating other Enterprise authentication services so he can play nice with others. Definitely a differentiator in the Enterprise.
On Mon, 2003-08-11 at 09:15, Prashant Bhatt wrote:
1) Specification: Understand the Specification properly. This will include both the J2EE security issue and the stand-alone security issues. My experience with J2EE security has not been good. I'm sorry to say that, but it's true that the spec isn't smart on all these issues and is pretty silent on the client containers contract.
This is great; we should also try to understand where the specification is deficient and implement the "right thing" there. For example, while J2EE specifies a declarative deploy-time access control system, I'm not aware (which may be me, of course ;-) of any J2EE standard for making run-time access control decisions. Geronimo should provide a reasonable implementation for this until the specification catches up.
