Santiago,
The problem is that the built-in code is per-process (read: per-JVM) and it
not the required per-thread which we need for Jetspeed. So we couldn't use
the internal stuff without extending the Jetspeed code to do the ACL
checking. Let me be *very* clear: The Jetspeed code *must* initiate the
ACL processing.
JAAS allows you to plug in new auth mechanisms. It still has the problem
as per the above statement.
Thomas,
I've looked into the built-in mechanisms for my own work. The framework
consists of a set of interface classes. Sun provides a default
implementation as the com.sun.* classes (I forget the rest of the naming,
it's been awhile). Suffice it to say that the framework is very flexible
and will allow us to implement the security mechanisms as we see fit. We
just need to plug in the right classes.
Steve
--
--------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Search: <http://www.mail-archive.com/jetspeed@list.working-dogs.com/>
List Help?: [EMAIL PROTECTED]
