On Jan 24, 2006, at 11:45 AM, Garner Andrews wrote:

We have our own security app that we've revealed with a web service. We
want to replace the Jetspeed2 authentication and authorization functions
with our app. Has anyone experimented with this at all yet? Can you
even swap out the internal portal maintenance users' security roles or
do you have to use what's already there? I'm really trying to gauge the
level of effort this will take. I've read everything I have found so
far in the mail archives and in the other support areas and not found
answers to these questions yet. If I missed something, please don't
hesitate to point me in the right direction.

If you can express your authorization requirements purely in terms of
the jetspeed user, group, and role principals, and use the jetspeed
principal to permission mapping, you should be able to simply replace
the jetspeed login module with one that communicates with your
security server. If you require more sophisticated identity to
permission mapping you may have to implement a Policy to replace the
jetspeed RdbmsPolicy: this would involve removing or ignoring the
jetspeed framework for managing permissions, although I would
strongly recommend still using the jetspeed permissions to describe
what the authorization decision is about. There are a couple of places
in the current code where the PermissionManager is accessed directly
instead of using the Policy but I'm hoping those will get fixed
shortly; they are in some patches I've submitted.

I've been thinking about some of these issues while working on the
geronimo-jetspeed integration (JS2-444) and considering how the
geronimo security framework should develop and am wondering if you
could describe at a high level the capabilities of your security
server and what kinds of authorization decisions you need to make.

many thanks,
david jencks

Thanks,
Garner
C. Garner Andrews
Enterprise Architect
CompuNet Consulting Group, Inc.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]