Yes, that is the point. Suppose you have your Turbine application. Well, it is able to use the ResourceManager to lookup a ResourceAccessController. How the ResourceAccessController acts for each function is entirely up to you. We would probably want to package it with the default DB service, but you could easily design it so it loads JAASAccessController instead of DBAccessController for the turbine resource type (ie: a web page). Hope this makes sense :)

- Dan

Colin Chalmers wrote:
Would it be able to plug into other systems? ie Tomcat's Realm or Suns JAAS?

The discussion surrounding security was quite lively about a year ago (was
it really a year ago?) with some good suggestions on improving the current
service.

Should we perhaps re-waken this discussion and see if we get any further?

/c



Speaking of this topic, I had an idea one night about security.  After a
couple hours I came up with this:

http://dan.envoisolutions.com/jasf/

It seems to be pretty flexible, but I'm not sure everyone would like
using it.  I wanted something where I could authenticate not only
webpages, but other resources - such as access to various components in
my system.  I even wrote a XML user and permission based system for it.

Thoughts?
I like it. How do you specify the controllers you want to use? I'm
thinking from the point of view of a Turbine security service, you
would probably want to configure that from the properties file.

In fact, I think it works pretty much like the thing I came up with.
Good work! ;-)



--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Reply via email to