>From the top of my head you have to implement org.apache.turbine.services.SecurityService, org.apache.turbine.services.security.UserManager, and org.apache.fulcrum.security.entity.User; -- Humberto
> -----Original Message----- > From: Rodrigo Reyes [mailto:[EMAIL PROTECTED]] > Sent: Monday, February 17, 2003 11:38 AM > To: Turbine Developers List > Subject: Re: Is there some new security service being developed? > > > That could be a solution for my project. Could you point me > which object I > will have to implement in order to have a JDBCSecurityService > implemented? > Thanx > > Rodrigo > > ----- Original Message ----- > From: "Humberto Hernandez Torres" <[EMAIL PROTECTED]> > To: "Turbine Developers List" <[EMAIL PROTECTED]> > Sent: Monday, February 17, 2003 10:07 AM > Subject: RE: Is there some new security service being developed? > > > > You can develop your own implementations of the SecurityService. For > > example a JDBCSecurityService or an OJBSecurityService could be > > usefull for some people. > > -- > > Humberto > > > > > -----Original Message----- > > > From: Rodrigo Reyes [mailto:[EMAIL PROTECTED]] > > > Sent: Monday, February 17, 2003 8:56 AM > > > To: Turbine Developers List > > > Subject: Re: Is there some new security service being developed? > > > > > > > > > Stephen > > > Ok, I know JAAS was not specificly designed with webapps > > > in mind. Still, > > > I think that the fact that it is a low-level security > > > framework makes it > > > specially secure. I have been thinking that every action and > > > screen could > > > implement the PrivilegedAction Interface so the default > > > implementation of > > > the run method is the one which, on authorization succed, > executes the > > > doPerform or doBuildTemplate methods. What do you think? > > > On the other hand, I have been told that there is a new > > > security service > > > being developed, but it will still rely on Torque. Since > > > Torque is being > > > decoupled from Turbine, I think relying the security service > > > on it is not a > > > very good idea, since there will be some users that would > > > like to use the > > > security framework, but wouldn't like to use Torque (and that > > > is my specific > > > case). > > > I am not saying a Torque based security service is not > > > useful. I am > > > saying the security framework should be thougth as open as > > > possible so any > > > one could implement a new engine under its API (read > > > interfaces) without > > > hurting the rest of Turbine. Sorry if this is an old issue > > > already, but I am > > > new to the mailing list. Hope this all makes sense :) > > > > > > Rodrigo > > > > > > > > > ----- Original Message ----- > > > From: "Stephen Haberman" <[EMAIL PROTECTED]> > > > To: "Turbine Developers List" <[EMAIL PROTECTED]> > > > Sent: Saturday, February 15, 2003 3:37 PM > > > Subject: Re: Is there some new security service being developed? > > > > > > > > > > On Sat, Feb 15, 2003 at 11:56:34AM -0500, Rodrigo Reyes wrote: > > > > > Torque. Since we don't want to use Torque just because of the > > > > > security service, we have been thinking about creating our own > > > > > Security Service basing it on JAAS. > > > > [snip] > > > > > But even if JASF gets into Turbine, is it JAAS based? Thanx... > > > > > > > > This JAAS issue came up when JASF was being discussed, > as you have > > > > noted, but after browsing the Sun website, unless you > can convince > > > > me otherwise, I really doubt that JAAS is the type of > thing you're > > > > looking for. Specifically, there is a quote of what JAAS can do: > > > > > > > > "Describes a utility program that authenticates a user > using JAAS > > > > and executes any application as that user." > > > > > > > > > > > http://java.sun.com/j2se/1.4/docs/guide/security/jgss/tutorial > > s/index.html > > > > > > JAAS, to me, seems like a low-level security system specifically > > > built into the Java runtime to allow things like above, e.g. > > > authenticating the name/password a user gives against, say, a > > > Kerberos database, and then letting them execute the Java > code under > > > a special set of permissions. > > > > > > Is this really what you want to do? Perhaps it is, but > I'm thinking > > > most users of Turbine just want to authenticate from an > > > HTTP/SOAP/XML-RPC request, not via a Kerberos, or > similarly complex, > > > authentication server, and then authorize access to certain web > > > pages and user data, not control what classes/files/etc. the user > > > can load within the Java VM. > > > > > > Though perhaps I'm missing a part of JAAS? Do you have a > link to an > > > example of what you want JAAS to do within the context of Turbine? > > > > > > Thanks, > > > Stephen > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: > [EMAIL PROTECTED] > > > > > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
