Re: Geronimo and Tivoli Access Manager (TAM)

[David Jencks]

Thanks for the info.  This helps give me some direction in what I was already planning to do :-) Right now we are tied to the geronimo JACC implementation in roughly two places: - the security builder is hard coded to recognize our particular schema for principal - role mapping - the gbean that sets up the JACC PolicyConfiguration (ApplicationPolicyConfigurationManager) also sets up our proprietary extension handling principal-role mapping. I plan to change this so that: - processing security xml such as our principal-role mapping is done by a pluggable builder selected by namespace - restricting the ApplicationPolicyConfigurationManager gbean to handle the JACC spec specific role - permission mapping  and delegating through a gbean reference to a new "RoleMapper" pluggable component that can install whatever proprietary information (in our case the principal-role mapping) the particual JACC implementation needs. If I understand correctly we will be able to install a WAS -friendly JACC implementation that implements the WAS RoleConfigurationFactory and RoleConfiguration interfaces by defining a suitable schema, writing a builder that will process this xml format and configure the final piece, a gbean on our side implementing the "RoleMapper" interface that will use these WAS interfaces to configure the JACC implementation itself. I'm moving this to the dev list since we are starting to talk about design :-) Many thanks, david jencks On Jan 27, 2006, at 12:08 PM, Cristian Roldan wrote: Hi,    Some TAM-WAS-JACC docs.   This is the WAS's infocenter .   http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp?topic=/com.ibm.websphere.express.doc/info/exp/ae/rsec_jacctroubles.html     WAS 6 Security Handbook   http://www.redbooks.ibm.com/abstracts/sg246316.html?Open     Bye David Jencks <[EMAIL PROTECTED]> escribió: On Jan 27, 2006, at 3:38 AM, Cristian Roldan wrote: Hi,   Should not be to difficult to create one though.   Do you mean coding a JAAS module ?   But my question ar: Does geronimo support JACC ? if so can I use the Geronimo's JACC implementation to integrate with TAM ?   Bye Geronimo supports JACC, but at the moment you can't really use anything but Geronimo's JACC implementation.  I'm going to be looking at making this pluggable very soon.   Can you point to any documents indicating how TAM relates to JACC?   The only JACC implementation I have seen is ours  so seeing what other people get from the spec would be very useful :-) thanks david jencks   Nicholas Irving <[EMAIL PROTECTED]> escribió: Hi, I was not aware of a TAI available for Geronimo, but then again I was not aware of JACC in WebSphere 6. Should not be to difficult to create one though.   NIrving   From: Cristian Roldan [mailto:[EMAIL PROTECTED]] Sent: Friday, 27 January 2006 3:14 AM To: user@geronimo.apache.org Subject: Geronimo and Tivoli Access Manager (TAM)   Hi All,     Does someone configure Geronimo and TAM ? Is Geronimo's JACC interface mature enough ? Can I use Geronimo's JACC to integrate with TAM ? Any experience ?   Thanks!!! 1GB gratis, Antivirus y Antispam Correo Yahoo!, el mejor correo web del mundo Abrí tu cuenta aquí -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.375 / Virus Database: 267.14.23/240 - Release Date: 25/01/2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.375 / Virus Database: 267.14.23/242 - Release Date: 26/01/2006 1GB gratis, Antivirus y Antispam Correo Yahoo!, el mejor correo web del mundo Abrí tu cuenta aquí __________________________________________________ Correo Yahoo! Espacio para todos tus mensajes, antivirus y antispam ¡gratis! ¡Abrí tu cuenta ya! - http://correo.yahoo.com.ar