You might want to check out the open source Expresso Application Framework -
an updated release was recently announced on the www.javacorporate.com site.
When combined with Javacorporate's eContent solution it addresses security
down to the resource level and at the function level. This commercial
solution is licensed with source code.
Its notification feature is useful for administrator/users being notified
when a given resource is accessed or being notified when a **user** is
trying to access a **resource**, to which he/she has no **permissions**.
You can see a live implementation on the javacorporate site - as it is used
for the collaborative portal - which allows users to collaborate on the
company's products. When a user accesses one of the product demos - a
notification is sent internally to a sales associate for that product - and
a notice can also be sent automatically to the user based on 'specified
logic' such as whether it is their first access. If a user tries to access
Premium Support services to which they have not subscribed a notification is
again sent internally.
Sandra
> -----Original Message-----
> From: A mailing list for discussion about Sun Microsystem's Java Servlet
> API Technology. [mailto:[EMAIL PROTECTED]]On Behalf Of
> Manisha Menon
> Sent: Monday, July 24, 2000 3:25 PM
> To: [EMAIL PROTECTED]
> Subject: Servlet Security Framework
>
>
> Hi all,
>
> Is there any security framework which is to be used in
> our web application for
> authentication and authorization services? Our
> application has got servlets,
> JSP and beans but no EJB. The security framework
> should be object-based and
> independent of the server.
>
> We have a framework which is almost similar to STRUTS
> framework from Apache
> by Craig. I suppose STRUTS as well as most of the
> framework available does not
> talk about security. Please correct me if I am wrong.
>
> Though the question is slightly off-topic, I believe
> this forum is more
> knowledgeable and can throw more light. Also please
> note that this security
> framework has to be implemented using servlets and
> JSPs. So, only **you** can
> help.
>
> As such, we have decided to go for form-based
> authentication. For authorization,
> we are not sure how to go about.
>
> The basic requirements for user authorizations are :
>
> **Users** are to be authorized based on their
> **Permissions** granted to them
> through **Policy** file.
>
> There will be **Group** of users, who almost share the
> same characteristics. Of
> course, there will be **User policy** and **Group
> policy**. If **Permission** is
> granted to the **Group**, it is also to every **User**
> of the **Group**. Apart from
> that **Users** can enjoy special privileges, which are
> granted to them in their
> respective **User Policy**. It has to throw
> **exceptions** if any **user** is trying
> to access a **resource**, to which he has no
> **permissions**. So, the authorization has
> to be **resource level** and also at **function
> level** like add Item, Update Item,
> Delete Item.
>
> I am sorry if the requirements are vague.
>
> I will appreciate, if someone can provide me more
> information on the same lines or even
> on similar lines. Even Suitable pointers can be shown,
> are highly welcome.
>
> Thank you so much,
>
> Manisha
>
> __________________________________________________________________
> _________
> To unsubscribe, send email to [EMAIL PROTECTED] and include
> in the body
> of the message "signoff SERVLET-INTEREST".
>
> Archives: http://archives.java.sun.com/archives/servlet-interest.html
> Resources: http://java.sun.com/products/servlet/external-resources.html
> LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
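The authorization model described in the quoted question (user policy, group policy, permissions at resource and function level, an exception on denial), combined with the denied-access notification mentioned in the reply, as an added example that is not code from the thread, Expresso or eContent. The class names, the `DenialListener` hook and the sample users are hypothetical, and the user name is assumed to come from an already authenticated session.

```java
import java.util.*;
public class PolicyDemo {
    /** Thrown when neither the user policy nor any group policy grants access. */
    static class AccessDeniedException extends Exception {
        AccessDeniedException(String message) { super(message); }
    }
    /** Hypothetical hook for the denied-access notification mentioned in the reply. */
    interface DenialListener { void denied(String user, String resource, String function); }
    static class Policy {
        // A permission is the pair (resource, function), e.g. ("Item", "delete").
        private final Map<String, Set<List<String>>> userPolicy = new HashMap<>();
        private final Map<String, Set<List<String>>> groupPolicy = new HashMap<>();
        private final Map<String, Set<String>> groupsOfUser = new HashMap<>();
        private final DenialListener listener;
        Policy(DenialListener listener) { this.listener = listener; }
        void grantUser(String user, String resource, String function) {
            userPolicy.computeIfAbsent(user, k -> new HashSet<>()).add(Arrays.asList(resource, function));
        }
        void grantGroup(String group, String resource, String function) {
            groupPolicy.computeIfAbsent(group, k -> new HashSet<>()).add(Arrays.asList(resource, function));
        }
        void addToGroup(String user, String group) {
            groupsOfUser.computeIfAbsent(user, k -> new HashSet<>()).add(group);
        }
        /** Deny by default: returns normally only if a user or group grant matches. */
        void check(String user, String resource, String function) throws AccessDeniedException {
            List<String> wanted = Arrays.asList(resource, function);
            if (userPolicy.getOrDefault(user, Collections.emptySet()).contains(wanted)) return;
            for (String group : groupsOfUser.getOrDefault(user, Collections.emptySet())) {
                if (groupPolicy.getOrDefault(group, Collections.emptySet()).contains(wanted)) return;
            }
            listener.denied(user, resource, function);
            throw new AccessDeniedException(user + " has no permission for " + resource + "/" + function);
        }
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample policy: group "clerks" may add and update items; alice may also delete.
        Policy policy = new Policy((u, r, f) -> System.out.println("NOTIFY admin: " + u + " denied " + r + "/" + f));
        policy.grantGroup("clerks", "Item", "add");
        policy.grantGroup("clerks", "Item", "update");
        policy.addToGroup("alice", "clerks");
        policy.addToGroup("bob", "clerks");
        policy.grantUser("alice", "Item", "delete");
        policy.check("alice", "Item", "delete");   // granted by alice's user policy
        policy.check("bob", "Item", "update");     // inherited from the group policy
        try { policy.check("bob", "Item", "delete"); }
        catch (AccessDeniedException e) { System.out.println("Denied: " + e.getMessage()); }
    }
}
```

Because the checker has no dependency on the servlet API, a controller servlet can call `check` before dispatching to a JSP and the same policy stays independent of the server.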