Ian wrote:
> Hi all:
>
> Does anyone know of a freely available implementation of the
> java.security.acl interfaces that uses JDBC against access control
> information stored in a relational database?
>
> I want to use these standard, open interfaces for my JSP/servlet app
> infrastructure controlling users, groups and their resource permissions.
> Many people must have implemented these already for their servlet systems.
> Have any been made publicly available?
>
I don't know of any generally useful implementation of these interfaces, but I
have a suggestion for some additional research for you
Version 2.2 of the servlet API includes the ability to define "declarative"
security, based on the concepts of Principals and role names. The exact same
security architecture is defined in EJB 1.1, so it will likely be common to
delegate responsibilities for this stuff to your application server containers
(once these standards are implemented) versus coding support for the ACL
interfaces directly in your applications.
GIven that servers implementing these new APIs will be available fairly soon, you
might want to think about how much effort to invest administering security
yourself (via the ACL APIs or other such mechanisms) versus container managed
security.
For more information, see the specifications for servlet 2.2 and EJB 1.1,
available at the JavaSoft web site. The "Application Programming Model" document
on the Java2 Enterprise Edition (J2EE) site also has some useful discussions of
security mechanisms using these new approaches.
http://java.sun.com/j2ee
>
> Thanks,
>
> Ian
>
Craig McClanahan
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
FAQs on JSP can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
