You are viewing a plain text version of this content. The canonical link for it is here.
Posted to general@jakarta.apache.org by Brill Pappin <br...@jmonkey.com> on 1999/11/15 00:22:00 UTC
Security Implementation
Hi all,
A little while ago, there was a need for someone to take on the Security
module for Tomcat...
has that torch been taken up yet?
- Brill Pappin
www.jmonkey.com
Re: Security Implementation
Posted by "Craig R. McClanahan" <cm...@mytownnet.com>.
Brill Pappin wrote:
> Hi all,
> A little while ago, there was a need for someone to take on the Security
> module for Tomcat...
> has that torch been taken up yet?
That proposal was mine.
The current state of the work is in two new packages that are not yet
integrated with the core:
org.apache.tomcat.security
org.apache.tomcat.security.file
with the basic idea that the existing RealmSecurityConnector interface will
be replaced by a ServiceInterceptor implementation (called
SecurityInterceptor) to enforce the security restrictions, and a pluggable
RealmConnector interface that lets you attach the security architecture to
any of a variety of security technologies (like a JNDI-accessed directory
servier, a JDBC-accessed database, or something custom to your own legacy
environment).
The current code has a lot of "XXX" comments where things need to be
fleshed out, but you can see the direction I've been heading.
Craig McClanahan