portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jencks <david_jen...@yahoo.com>
Subject Re: dev or user group question?
Date Tue, 24 Jan 2006 21:24:03 GMT

On Jan 24, 2006, at 1:04 PM, David Jencks wrote:

>
> On Jan 24, 2006, at 11:45 AM, Garner Andrews wrote:
>
>> We have our own security app that we've revealed with a web  
>> service.  We
>> want to replace the Jetspeed2 authentication and authorization  
>> functions
>> with our app.  Has anyone experimented with this at all yet?  Can you
>> even swap out the internal portal maintenance users' security  
>> roles or
>> do you have to use what's already there?  I'm really trying to  
>> gauge the
>> level of effort this will take.  I've read everything I have found so
>> far in the mail archives and in the other support areas and not found
>> answers to these questions yet.  If I missed something, please don't
>> hesitate to point me in the right direction.
>
> If you can express your authorization requirements purely in terms  
> of the jetspeed user, group, and role principals, and use the  
> jetspeed principal to permission mapping, you should be able to  
> simply replace the jetspeed login module with one that communicates  
> with your security server.  If you require more sophisticated  
> identity to permission mapping you may have to implement a Policy  
> to replace the jetspeed RdbmsPolicy: this would involve removing or  
> ignoring the jetspeed framework for managing permissions, although  
> I would strongly recommend still using the jetspeed permissions to  
> describe what the authorization decision is about.  There are a  
> couple places in the current code where the PermissionManager is  
> accessed directly instead of using the Policy but I'm hoping those  
> will get fixed shortly, they are in some patches I've submitted.
>
> I've been thinking about some of these issues while working on the  
> geronimo-jetspeed integration (JS2-444) and considering how the  
> geronimo security framework should develop and am wondering if you  
> could describe at a high level the capabilities of your security  
> server and what kinds of authorization decisions you need to make.

I should perhaps point out that I'm working to integrate JS2 with  
geronimo so as to use the geronimo JACC implementation, which is  
running into some of the same issues.  In particular I'm using the  
geronimo JACC-based Policy rather than the jetspeed Policy.  I'd  
certainly be interested to find out more about your specific  
requirements.

thanks
david jencks

>
> many thanks,
> david jencks
>
>>
>> Thanks,
>> Garner
>>
>> C. Garner Andrews
>> Enterprise Architect
>> CompuNet Consulting Group, Inc.
>> +mailto:garner@ccgi.net
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
>> For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
> For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Mime
View raw message