[Q] Cocoon 2.1 Authentication framework (aka sunRise)

[Ivelin Ivanov <iv...@apache.org>]

I have tried to read through the Auth. documentation and understand how it
relates to the authentication mechanism of the J2EE specification.

I see that it supports roles and session context, but do not understand if
it is tied to the J2EE container's security.

For example when authenticated through the container, a user principal and
role are available in the ServletRequest.
They are also carried over and applied to any J2EE resource like
transactions, datasources, EJBs, JMS, etc. through JNDI.

So, my question:
Is the sunRise framework tied to the J2EE security APIs?
How can my EJBs be aware of the user name and role ?

-=Ivelin=-



---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-dev-unsubscribe@xml.apache.org
For additional commands, email: cocoon-dev-help@xml.apache.org

Re: [Q] Cocoon 2.1 Authentication framework (aka sunRise)

[Ivelin Ivanov <iv...@apache.org>]

Thanks Vadim.

Maybe we should make this explicit in the documentation.

I would assume that most J2EE applications use the standard API, which is
not perfect, but security is such a hair ball that a well understood and
properly used standard is a good thing after all.

Ivelin


----- Original Message -----
From: "Vadim Gritsenko" <va...@verizon.net>
To: <co...@xml.apache.org>
Sent: Sunday, August 04, 2002 10:50 AM
Subject: RE: [Q] Cocoon 2.1 Authentication framework (aka sunRise)


> > From: Ivelin Ivanov [mailto:ivelin@apache.org]
> >
> >
> > I have tried to read through the Auth. documentation and understand
> how it
> > relates to the authentication mechanism of the J2EE specification.
> >
> > I see that it supports roles and session context, but do not
> understand if
> > it is tied to the J2EE container's security.
> >
> > For example when authenticated through the container, a user principal
> and
> > role are available in the ServletRequest.
> > They are also carried over and applied to any J2EE resource like
> > transactions, datasources, EJBs, JMS, etc. through JNDI.
> >
> > So, my question:
> > Is the sunRise framework tied to the J2EE security APIs?
> > How can my EJBs be aware of the user name and role ?
>
> Carsten isn't there yet, but from what I understood, there is no
> integration with j2ee out of the box.
>
> Vadim
>
>
> > -=Ivelin=-
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: cocoon-dev-unsubscribe@xml.apache.org
> For additional commands, email: cocoon-dev-help@xml.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-dev-unsubscribe@xml.apache.org
For additional commands, email: cocoon-dev-help@xml.apache.org

RE: [Q] Cocoon 2.1 Authentication framework (aka sunRise)

[Vadim Gritsenko <va...@verizon.net>]

> From: Ivelin Ivanov [mailto:ivelin@apache.org]
> 
> 
> I have tried to read through the Auth. documentation and understand
how it
> relates to the authentication mechanism of the J2EE specification.
> 
> I see that it supports roles and session context, but do not
understand if
> it is tied to the J2EE container's security.
> 
> For example when authenticated through the container, a user principal
and
> role are available in the ServletRequest.
> They are also carried over and applied to any J2EE resource like
> transactions, datasources, EJBs, JMS, etc. through JNDI.
> 
> So, my question:
> Is the sunRise framework tied to the J2EE security APIs?
> How can my EJBs be aware of the user name and role ?

Carsten isn't there yet, but from what I understood, there is no
integration with j2ee out of the box. 

Vadim


> -=Ivelin=-


---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-dev-unsubscribe@xml.apache.org
For additional commands, email: cocoon-dev-help@xml.apache.org