On Sat, Feb 15, 2003 at 11:56:34AM -0500, Rodrigo Reyes wrote: > Torque. Since we don't want to use Torque just because of the > security service, we have been thinking about creating our own > Security Service basing it on JAAS. [snip] > But even if JASF gets into Turbine, is it JAAS based? Thanx...
This JAAS issue came up when JASF was being discussed, as you have noted, but after browsing the Sun website, unless you can convince me otherwise, I really doubt that JAAS is the type of thing you're looking for. Specifically, there is a quote of what JAAS can do: "Describes a utility program that authenticates a user using JAAS and executes any application as that user." http://java.sun.com/j2se/1.4/docs/guide/security/jgss/tutorials/index.html JAAS, to me, seems like a low-level security system specifically built into the Java runtime to allow things like above, e.g. authenticating the name/password a user gives against, say, a Kerberos database, and then letting them execute the Java code under a special set of permissions. Is this really what you want to do? Perhaps it is, but I'm thinking most users of Turbine just want to authenticate from an HTTP/SOAP/XML-RPC request, not via a Kerberos, or similarly complex, authentication server, and then authorize access to certain web pages and user data, not control what classes/files/etc. the user can load within the Java VM. Though perhaps I'm missing a part of JAAS? Do you have a link to an example of what you want JAAS to do within the context of Turbine? Thanks, Stephen --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
