Do I have to put it in JIRA?
On Mon, 2006-12-04 at 14:14 -0800, David Jencks wrote:
> We should move this to the dev list :-)
>
> Sorry for the delay, I wrote up some info on JACC at http://
> cwiki.apache.org/confluence/display/GMOxDEV/JACC+Guide
>
> I'll try to work on it some more and see if I can figure out how to
> link it from the dev wiki page.
>
> I don't know of much other info about JACC except the spec which is
> IMO a bit confusing about who does what.
>
>
>
> On Dec 2, 2006, at 9:40 PM, Diego L Espiñeira wrote:
>
> > I guess I have to implement/extend the following interfaces/classes
> > - org.apache.geronimo.j2ee.deployment.SecurityBuilder
> > - javax.security.jacc.PolicyConfiguration
> > - javax.security.jacc.PolicyConfigurationFactory
> > - java.security.Principal
> >
> > Is that right? Just what you did with all that TripleSec stuff, right?
> > Well, now I need to know how this classes are suppose to fit together.
> > I need any explanation i.e. "class A calls B when C happens", etc.
>
> I think you might want to try extending the geronimo default
> provider, I think you will have less to do.
> >
> > When the authorization info gets updated?
> > How do I make the "SecurityProxy" read additional configuration
> > such as
> > where to get the permissions and roles from (DBMS, XML, webservice,
> > etc).
>
> After thinking about this for just a few minutes, I think I'd go
> about this like so:
>
> 1. use java 5 :-)
>
> 2. Modify PolicyConfigurationGeneric to include a map <Class,
> PermissionsHandler>, and if the regular check passes, confinue by
> looking for a handler for the class of the permission, and asking the
> handler as well. So we'd have something like
>
> interface PermissionsHandler {
> boolean implies(Permission permission, Principal[] principals);
> }
>
> The permissionsHandler can look for the ejb object, method args, etc
> from PolicyContext itself. (PermissionsHandler is probably a really
> bad name)
>
> 3. Write a GBean to configure and install a PermissionsHandler into a
> PolicyConfigurationGeneric for a specific policyContextID. This
> GBean can configure the PermissionsHandler any way it wants.
>
> 4. Modify the GeronimoSecurityBuilderImpl to install instances of
> your gbeans based on xml in a modified geronimo-security-1.2.xsd
>
> I think my proposed PermissionsHandler can do anything the jboss
> SecurityProxy can do, although it is going to use the
> EJBMethodPermission.getActions() string to index which method is
> involved rather than the Method object itself.
>
> I might have left out a lot of essential functionality, so this might
> not actually work :-). It might be a starting point though.
>
> Please keep in touch with your progress, and keep asking questions!
>
> thanks
> david jencks
>
> >
> >
> > On Sun, 2006-12-03 at 00:32 -0300, Diego L Espiñeira wrote:
> >> Hi
> >> It would be such an honor to participate.
> >> The case is I don't have much information about the JACC API and
> >> specification neither about how is this implemented in geronimo.
> >> I just need that information to get the job done.
> >>
> >>
> >> Thanks for your reply
> >>
> >> On Sat, 2006-12-02 at 17:08 -0800, David Jencks wrote:
> >>> The SecurityProxy is a JBoss proprietary feature that Geronimo
> >>> doesn't support. At the moment we don't have anything directly
> >>> comparable implemented.
> >>>
> >>> Starting with j2ee 1.4 the "official" way to implement security
> >>> dependent on the ejb method calls is to do it in a JACC
> >>> provider. In
> >>> a JACC provider you can use the ejb method call in the determination
> >>> of whether to grant an ejb permission to a caller. I suspect we
> >>> could write a JACC provider that delegated to something like the
> >>> JBoss SecurityProxy. When considering this before I was thinking
> >>> more in terms of a rule engine, but certainly just writing code is
> >>> simpler :-)
> >>>
> >>> Would you be interested in working on an implementation of this?
> >>> I'm
> >>> interested but currently short of time, but I'd be happy to discuss
> >>> how to do it with you.
> >>>
> >>> thanks
> >>> david jencks
> >>>
> >>> On Dec 2, 2006, at 10:39 AM, Diego L Espiñeira wrote:
> >>>
> >>>> Hi!
> >>>> I'm in the process to migrate to Geronimo an application originally
> >>>> build for JBoss.
> >>>> This application uses custom EJB security through implementing the
> >>>> org.jboss.security.SecurityProxy interface. How could this be done
> >>>> with
> >>>> Geronimo. The reasons I've approached this issue that way and
> >>>> not the
> >>>> facade bean using isUserInRole are the tight integration with the
> >>>> application server architecture and that of this way I can write
> >>>> neat
> >>>> and more maintainable code.
> >>>>
> >>>> PD: sorry, my English sucks.
> >>>>
> >>>> Thanks in advance.
> >>>>
> >>>> __________________________________________________
> >>>> Correo Yahoo!
> >>>> Espacio para todos tus mensajes, antivirus y antispam ¡gratis!
> >>>> ¡Abrà tu cuenta ya! - http://correo.yahoo.com.ar
> >>>
> >>
> >> __________________________________________________
> >> Correo Yahoo!
> >> Espacio para todos tus mensajes, antivirus y antispam gratis!
> >> Abr tu cuenta ya! - http://correo.yahoo.com.ar
> >
> > __________________________________________________
> > Correo Yahoo!
> > Espacio para todos tus mensajes, antivirus y antispam ¡gratis!
> > ¡Abrí tu cuenta ya! - http://correo.yahoo.com.ar
>
__________________________________________________
Correo Yahoo!
Espacio para todos tus mensajes, antivirus y antispam �gratis!
�Abr� tu cuenta ya! - http://correo.yahoo.com.ar
