[
http://jira.codehaus.org/browse/MRM-270?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Joakim Erdfelt updated MRM-270:
-------------------------------
Description:
If Archiva is to be deployed in organisations like Investment Banks (I work for
Lehman Brothers) then it needs to support fine-grained access to
Apache Jackrabbit, a webdav server which can be used as a maven repository, has
the AccessManager interface. This can be integrated with a central
Authorisation service and users can be given permissions to add and modify
artifacts for a particular groupId (directory).
It's great that archiva allows for JAAS authentication. It also needs to
support custom authorisation for artifacts.Until it does, I'll need to use
Jackrabbit. This is a shame because it looks like you have some great features
related to artifact management and reporting.
I appreciate that I could put constraints in web.xml, but this doesn't work in
my use case. I need to dynamically decide whether a user has access every time
a request is made.
was:
If Archiva is to be deployed in organisations like Investment Banks (I work for
Lehman Brothers) then it needs to support fine-grained access to
Apache Jackrabbit, a webdav server which can be used as a maven repository, has
the AccessManager interface. This can be integrated with a central
Authorisation service and users can be given permissions to add and modify
artifacts for a particular groupId (directory).
It's great that archiva allows for JAAS authentication. It also needs to
support custom authorisation for artifacts.Until it does, I'll need to use
Jackrabbit. This is a shame because it looks like you have some great features
related to artifact management and reporting.
I appreciate that I could put constraints in web.xml, but this doesn't work in
my use case. I need to dynamically decide whether a user has access every time
a request is made.
Affects Version/s: 1.0-alpha-1
Fix Version/s: Future
Postponing to future version.
> Enterprise-level security. Artifact-level constraints on user access. Dynamic
> authorisation.
> --------------------------------------------------------------------------------------------
>
> Key: MRM-270
> URL: http://jira.codehaus.org/browse/MRM-270
> Project: Archiva
> Issue Type: Wish
> Components: Users/Security
> Affects Versions: 1.0-alpha-1
> Reporter: David Boden
> Fix For: Future
>
>
> If Archiva is to be deployed in organisations like Investment Banks (I work
> for Lehman Brothers) then it needs to support fine-grained access to
> Apache Jackrabbit, a webdav server which can be used as a maven repository,
> has the AccessManager interface. This can be integrated with a central
> Authorisation service and users can be given permissions to add and modify
> artifacts for a particular groupId (directory).
> It's great that archiva allows for JAAS authentication. It also needs to
> support custom authorisation for artifacts.Until it does, I'll need to use
> Jackrabbit. This is a shame because it looks like you have some great
> features related to artifact management and reporting.
> I appreciate that I could put constraints in web.xml, but this doesn't work
> in my use case. I need to dynamically decide whether a user has access every
> time a request is made.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
