Hi All, What ever the security mechanism is that is chosen, I think it should be a number #1 priority to fit into Sun's JAAS model (it's in JDK 1.4 now so we can't hide from it). NOw I am no expert on JAAS, but IMHO that will enable people to integrate a bit easier into other Java related technologies (i.e. J2EE). It still amazes me that everyone keeps having to roll their own security layers into their apps (not just in Turbine, and hey, I've just done this myself in the last 12 months). The more integration with already proven technologies the best chance of success, and shorter time to release (possibly a bold statement).
cheers, Paul Smith > -----Original Message----- > From: Colin Chalmers [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, 8 January 2003 5:00 AM > To: Turbine Developers List > Subject: Re: New Security Service [was RE: TurbineUser - Extending it? > Maybe you should not have to.] > > > Would it be able to plug into other systems? ie Tomcat's > Realm or Suns JAAS? > > The discussion surrounding security was quite lively about a > year ago (was > it really a year ago?) with some good suggestions on > improving the current > service. > > Should we perhaps re-waken this discussion and see if we get > any further? > > /c > > > > > Speaking of this topic, I had an idea one night about > security. After a > > > couple hours I came up with this: > > > > > > http://dan.envoisolutions.com/jasf/ > > > > > > It seems to be pretty flexible, but I'm not sure everyone > would like > > > using it. I wanted something where I could authenticate not only > > > webpages, but other resources - such as access to various > components in > > > my system. I even wrote a XML user and permission based > system for it. > > > > > > Thoughts? > > > > I like it. How do you specify the controllers you want to use? I'm > > thinking from the point of view of a Turbine security service, you > > would probably want to configure that from the properties file. > > > > In fact, I think it works pretty much like the thing I came up with. > > Good work! ;-) > > > > > - Dan Diephouse > > > > Regards, > > > > > > -- > > Gonzalo A. Diethelm > > [EMAIL PROTECTED] > > > > > > -- > > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > > > > > > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
