Re: [Re: [PortletRegistry, Portlet names and the PortletFactory]]

Mon, 01 May 2000 19:57:02 -0700 

"Kevin A. Burton" <[EMAIL PROTECTED]> wrote:
> We need a better way to abstract user authentication.  JAAS is
> interesting but that means another SUN jar.  Java Security (would
> require JDK 1.2) would be another way but this has its problems.  Any
> way users can authenticate should be provided but this much harder than
> it sounds.

Wouldn't Turbine's authentication/authorization abstraction work?  Example: we
needed to change the way users were authenticated, stored, and role/priv
information retrieved.  We extended turbine to use our auth code and
everything is running great.  Why wouldn't this give all the
authentication/authorization flexibility needed?  If you want a different
authentication mechanism, just extend Turbine in the proper manner.  If you
want to store the user/role/priv's somewhere other than a db, just extend
turbine properly.
 
> I was going to map the isAdmin role to a Turbine privilege so...  Maybe
> some of the Admin portlets would be cool to have in your custom page. 
> Maybe some meta info like how many portlets are currently within
> Jetspeed or when the last updates were done.  Certainly this isn't
> something I should constrain to the Admin screen.

This is what I was sort of thinking.  Use turbine's privs for the user logged
in.  Then Jetspeed could use any role/priv string in the markup or something
that could easily be checked by the controller when determining the portlets. 
If the user doesn't have access, they don't get the portlet.
  
> Role support would be way off for 1.2...
> accomplish for 1.2.  That is unless you are volunteering to make it
> happen :)

Lot more xml stuff for me to learn yet before I'm comfortable changing
mark-ups around and stuff.  The gears are grinding, but probably not by 1.2.


Jeffrey D. Brekke
mailto:[EMAIL PROTECTED]
http://sites.netscape.net/ekkerbj/homepage


____________________________________________________________________
Get your own FREE, personal Netscape WebMail account today at 
http://webmail.netscape.com.


--
--------------------------------------------------------------
Please read the FAQ! <http://java.apache.org/faq/>
To subscribe:        [EMAIL PROTECTED]
To unsubscribe:      [EMAIL PROTECTED]
Archives and Other:  <http://java.apache.org/main/mail.html>
Problems?:           [EMAIL PROTECTED]

Reply via email to