Stefan's suggestion gave me an idea, though (several actually). What you really need is a way to bypass the security checks in SecurityImpl based on some aspect of the request. I went through several ideas involving extending WebdavServelt or Domain to provide different NamespaceAccessTokens with different Security implementations based on where the request came from. This should be viable, but as I was writing this I realized that simply providing your own Security implementation that always returned true for a specific user should be enough. You'll still need to authenticate to the app server as that user, but since the Security implementation doesn't actually do any checking it should speed things up. For requests that aren't from the special user come in your implementation can just call ACLSecurityImpl (or another implementation) to do the checking, which should add very little overhead to the existing system.
-James
Ritu Kedia wrote:
BTW how does JAAS decide what client currently accesses the webdav server?
JAAS can't detect that. In my case below I would have distinguished between
the 2 modes by the namespace (if that solution was possible).
Regards, Ritu
-----Original Message----- From: Stefan L�tzkendorf [mailto:[EMAIL PROTECTED] Sent: Thursday, August 26, 2004 2:50 PM To: Slide Users Mailing List Subject: Re: A question on security configuration
I recently thought about a "scoped SecurityImpl" because we want to have different security checking mechanics on different scopes. On one scope we want to use Slides ACL Security and on an other we want to use the Security checking of our own system.
We could of course have a SecurityImpl that permits all actions.
But I'm not sure that meets your problem, because your need to use different scopes.
BTW how does JAAS decide what client currently accesses the webdav server?
Regards, Stefan
Ritu Kedia wrote:
I am using Slide in 2 modes: 1. From within my Application, in which case my application acts as the entry point for a client. 2. From a third party client, in which case Slide is the entry point for
the
client.
Slide is accessed from within my application using the Slide WebDAV client lib. Whereas it is accessed from the third party client via WebDAV (e.g. WebFolders in MS). In both these cases, the authentication is done using JAAS. And authorization depends on the mode of access. When accessed from within my application, the authorization will be done by my application but when accessed directly from a 3rd party client, the authorization should be
done
by Slide's security support. In other words, my requirement is to turn off Slide's security in one mode and turn it on in the other mode. Both modes would be active simultaneously. Could someone please provide me any hints/help with designing a solution for the above requirement?
One thought is to have 2 different namespaces, one for each of the above mode. Both these namespaces would access the same store but would have different security configurations. Is this achievable? I think this
depends
on whether slide.properties is applicable per namespace or per domain. If anyone has implemented such a solution, then please do let me know.
Regards, Ritu
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
