RE : how to replace jetspeed's security?

Thu, 13 Jun 2002 08:06:34 -0700 

Hi,

It'll be better with the replay, sorry for the empty mail,

I'm also very interested as to how to unplug the Turbine based security.
What I can tell about your mail is that it's very difficult to guess how
far you want to go in the authorization aspect. Do you mean to treat
other security aspects than those that are implemented in the current
cvs version?

Do you intend to implements other http authentication mechanisms other
that the basic authentication?

For the LDAP server aspect I think you just have to implement your
JetspeedLDAPSecurityServer. For my point of view, there is no need to
modify the turbine loginUser and logoutUser actions.


My two cents,

Desire

-----Message d'origine-----
De�: JiaoZhiping [mailto:[EMAIL PROTECTED]] 
Envoy�: lundi 10 juin 2002 14:55
��: [EMAIL PROTECTED]
Objet�: how to replace jetspeed's security?

     Now we want to replay the jetspeed security with our j2ee asp
security.. ...
     we store data by  LDAP server.
     And we plan the whole system use the uniform anthentication and
authorization.
     it's a very urgent plan. i have read source code of jetspeed and
turbine.
      i think i can change turbine loginuser action , replace the code
below,get  user and password provide by our security provider.


        String username = data.getParameters().getString( "username", ""
);
        String password = data.getParameters().getString( "password", ""
);

i have read some document about jetspeed security
The Jetspeed Security Service extends the interface of the Turbine
 Security Service, adding on the Jetspeed specific interface:
AccessControl
 for controlling access to portal resources (portlets, panes).

so i think if i want  to replace the security service provided by
jetspeed ,
first i replace turbine loginuser action ,get username and password from
our
security service
and replace the turbine's  acl by our own acl.

then change the  jetspeed 's accesscontrol to portal resource ......use
our
authentication and authority...

can you tell me if it's possible ?
please give me some advice....thanks a lot in advance..




    SORRY... English is not my  native language.




--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>



--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Reply via email to