On Jan 24, 2006, at 1:04 PM, David Jencks wrote:
On Jan 24, 2006, at 11:45 AM, Garner Andrews wrote:
We have our own security app that we've revealed with a web service. We
want to replace the Jetspeed2 authentication and authorization functions
with our app. Has anyone experimented with this at all yet? Can you
even swap out the internal portal maintenance users' security roles or
do you have to use what's already there? I'm really trying to gauge the
level of effort this will take. I've read everything I have found so
far in the mail archives and in the other support areas and not found
answers to these questions yet. If I missed something, please don't
hesitate to point me in the right direction.
If you can express your authorization requirements purely in terms
of the jetspeed user, group, and role principals, and use the
jetspeed principal to permission mapping, you should be able to
simply replace the jetspeed login module with one that communicates
with your security server. If you require more sophisticated
identity to permission mapping you may have to implement a Policy
to replace the jetspeed RdbmsPolicy: this would involve removing or
ignoring the jetspeed framework for managing permissions, although
I would strongly recommend still using the jetspeed permissions to
describe what the authorization decision is about. There are a
couple of places in the current code where the PermissionManager is
accessed directly instead of using the Policy, but I'm hoping those
will get fixed shortly; they are in some patches I've submitted.
I've been thinking about some of these issues while working on the
geronimo-jetspeed integration (JS2-444) and considering how the
geronimo security framework should develop and am wondering if you
could describe at a high level the capabilities of your security
server and what kinds of authorization decisions you need to make.
I should perhaps point out that I'm working to integrate JS2 with
geronimo so as to use the geronimo JACC implementation, which is
running into some of the same issues. In particular I'm using the
geronimo JACC-based Policy rather than the jetspeed Policy. I'd
certainly be interested to find out more about your specific
requirements.
thanks
david jencks
many thanks,
david jencks
Thanks,
Garner
C. Garner Andrews
Enterprise Architect
CompuNet Consulting Group, Inc.
+mailto:[EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
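
The login-module replacement suggested in the thread, sketched as an added example that is not code from the thread or from Jetspeed: a JAAS `LoginModule` that delegates the credential check to an external security service and fails closed when the service errors. `SecurityServiceClient`, `NamedPrincipal` and the `securityServiceClient` option key are hypothetical; a portal deployment would add the portal's own user and role principal classes so that the existing principal-to-permission mapping still applies.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class RemoteAuthLoginModule implements LoginModule {
    // Hypothetical client for the external security web service.
    public interface SecurityServiceClient {
        // Returns the user's role names, or null when the credentials are rejected.
        Set<String> authenticate(String user, char[] password) throws Exception;
    }
    // Stand-in principal (assumption); records give the equals/hashCode that logout relies on.
    public record NamedPrincipal(String kind, String name) implements Principal {
        public String getName() { return name; }
    }
    private Subject subject;
    private CallbackHandler handler;
    private SecurityServiceClient client;
    private final Set<Principal> pending = new HashSet<>();

    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> options) {
        subject = s;
        handler = h;
        // Assumption: a programmatic Configuration passes the client object under this key.
        client = (SecurityServiceClient) options.get("securityServiceClient");
    }
    public boolean login() throws LoginException {
        NameCallback nc = new NameCallback("user: ");
        PasswordCallback pc = new PasswordCallback("password: ", false);
        try {
            handler.handle(new Callback[] { nc, pc });
            Set<String> roles = client.authenticate(nc.getName(), pc.getPassword());
            if (roles == null) throw new FailedLoginException("rejected by security service");
            pending.add(new NamedPrincipal("user", nc.getName()));
            for (String r : roles) pending.add(new NamedPrincipal("role", r));
            return true;
        } catch (LoginException e) { throw e;
        } catch (Exception e) {
            // Fail closed: a missing or unreachable service must never authenticate anyone.
            throw new LoginException("security service error: " + e.getMessage());
        } finally { pc.clearPassword(); }
    }
    // Principals reach the Subject only after the whole login stack has succeeded.
    public boolean commit() {
        if (pending.isEmpty()) return false;
        subject.getPrincipals().addAll(pending);
        return true;
    }
    public boolean abort() { boolean had = !pending.isEmpty(); logout(); return had; }
    public boolean logout() { subject.getPrincipals().removeAll(pending); pending.clear(); return true; }
}
```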