That could be a solution for my project. Could you point me which object I will have to implement in order to have a JDBCSecurityService implemented? Thanx
Rodrigo ----- Original Message ----- From: "Humberto Hernandez Torres" <[EMAIL PROTECTED]> To: "Turbine Developers List" <[EMAIL PROTECTED]> Sent: Monday, February 17, 2003 10:07 AM Subject: RE: Is there some new security service being developed? > You can develop your own implementations of the SecurityService. For > example a JDBCSecurityService or an OJBSecurityService could be > usefull for some people. > -- > Humberto > > > -----Original Message----- > > From: Rodrigo Reyes [mailto:[EMAIL PROTECTED]] > > Sent: Monday, February 17, 2003 8:56 AM > > To: Turbine Developers List > > Subject: Re: Is there some new security service being developed? > > > > > > Stephen > > Ok, I know JAAS was not specificly designed with webapps > > in mind. Still, > > I think that the fact that it is a low-level security > > framework makes it > > specially secure. I have been thinking that every action and > > screen could > > implement the PrivilegedAction Interface so the default > > implementation of > > the run method is the one which, on authorization succed, executes the > > doPerform or doBuildTemplate methods. What do you think? > > On the other hand, I have been told that there is a new > > security service > > being developed, but it will still rely on Torque. Since > > Torque is being > > decoupled from Turbine, I think relying the security service > > on it is not a > > very good idea, since there will be some users that would > > like to use the > > security framework, but wouldn't like to use Torque (and that > > is my specific > > case). > > I am not saying a Torque based security service is not > > useful. I am > > saying the security framework should be thougth as open as > > possible so any > > one could implement a new engine under its API (read > > interfaces) without > > hurting the rest of Turbine. Sorry if this is an old issue > > already, but I am > > new to the mailing list. Hope this all makes sense :) > > > > Rodrigo > > > > > > ----- Original Message ----- > > From: "Stephen Haberman" <[EMAIL PROTECTED]> > > To: "Turbine Developers List" <[EMAIL PROTECTED]> > > Sent: Saturday, February 15, 2003 3:37 PM > > Subject: Re: Is there some new security service being developed? > > > > > > > On Sat, Feb 15, 2003 at 11:56:34AM -0500, Rodrigo Reyes wrote: > > > > Torque. Since we don't want to use Torque just because of the > > > > security service, we have been thinking about creating our own > > > > Security Service basing it on JAAS. > > > [snip] > > > > But even if JASF gets into Turbine, is it JAAS based? Thanx... > > > > > > This JAAS issue came up when JASF was being discussed, as you have > > > noted, but after browsing the Sun website, unless you can convince > > > me otherwise, I really doubt that JAAS is the type of thing you're > > > looking for. Specifically, there is a quote of what JAAS can do: > > > > > > "Describes a utility program that authenticates a user using JAAS > > > and executes any application as that user." > > > > > > > > http://java.sun.com/j2se/1.4/docs/guide/security/jgss/tutorial > s/index.html > > > > JAAS, to me, seems like a low-level security system specifically > > built into the Java runtime to allow things like above, e.g. > > authenticating the name/password a user gives against, say, a > > Kerberos database, and then letting them execute the Java code under > > a special set of permissions. > > > > Is this really what you want to do? Perhaps it is, but I'm thinking > > most users of Turbine just want to authenticate from an > > HTTP/SOAP/XML-RPC request, not via a Kerberos, or similarly complex, > > authentication server, and then authorize access to certain web > > pages and user data, not control what classes/files/etc. the user > > can load within the Java VM. > > > > Though perhaps I'm missing a part of JAAS? Do you have a link to an > > example of what you want JAAS to do within the context of Turbine? > > > > Thanks, > > Stephen > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
