portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jencks <david_jen...@yahoo.com>
Subject Re: dev or user group question?
Date Tue, 24 Jan 2006 21:04:52 GMT

On Jan 24, 2006, at 11:45 AM, Garner Andrews wrote:

> We have our own security app that we've revealed with a web  
> service.  We
> want to replace the Jetspeed2 authentication and authorization  
> functions
> with our app.  Has anyone experimented with this at all yet?  Can you
> even swap out the internal portal maintenance users' security roles or
> do you have to use what's already there?  I'm really trying to  
> gauge the
> level of effort this will take.  I've read everything I have found so
> far in the mail archives and in the other support areas and not found
> answers to these questions yet.  If I missed something, please don't
> hesitate to point me in the right direction.

If you can express your authorization requirements purely in terms of  
the jetspeed user, group, and role principals, and use the jetspeed  
principal to permission mapping, you should be able to simply replace  
the jetspeed login module with one that communicates with your  
security server.  If you require more sophisticated identity to  
permission mapping you may have to implement a Policy to replace the  
jetspeed RdbmsPolicy: this would involve removing or ignoring the  
jetspeed framework for managing permissions, although I would  
strongly recommend still using the jetspeed permissions to describe  
what the authorization decision is about.  There are a couple places  
in the current code where the PermissionManager is accessed directly  
instead of using the Policy but I'm hoping those will get fixed  
shortly, they are in some patches I've submitted.

I've been thinking about some of these issues while working on the  
geronimo-jetspeed integration (JS2-444) and considering how the  
geronimo security framework should develop and am wondering if you  
could describe at a high level the capabilities of your security  
server and what kinds of authorization decisions you need to make.

many thanks,
david jencks

>
> Thanks,
> Garner
>
> C. Garner Andrews
> Enterprise Architect
> CompuNet Consulting Group, Inc.
> +mailto:garner@ccgi.net
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
> For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Mime
View raw message