You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by "Scott T. Weaver" <sc...@binary-designs.net> on 2004/07/15 17:15:19 UTC

[J2:VOTE] Using the java.security.acl implementation

Just want to get everyones input on implementing the java.security.acl 
api for supporting ACLs in J2.  I think this may have been discussed 
before, but I think we need to make a decision so we can move forward 
with applying security to portal resources.

The interfaces for java.security.acl are straight forward and should 
prove very easy to implement.and it should mesh very well with the 
already existing security components.

Regards

-- 
******************************************
*           Scott T. Weaver              *
*         <we...@apache.org>            *
*     <http://www.einnovation.com>       *
* -------------------------------------- *
*   Apache Jetspeed Enterprise Portal    *
*     Apache Pluto Portlet Container     *
*                                        *
* OpenEditPro, Website Content Mangement *
*     <http://www.openeditpro.com>       *
******************************************


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org

Re: [J2:VOTE] Using the java.security.acl implementation

Posted by "Scott T. Weaver" <sc...@binary-designs.net>.
Thanks for the link to article, David.  I will take a look at it right now.

David Le Strat wrote:

>Scott,
>
>I am -1 on that.  That's why I implemented a security
>service using JAAS and RDBMS policies.  If we want to
>enforce policies on object (portlets, pages, folders,
>etc), we should have matching permissions (see
>PortletPermission) where those permissions are mapped
>to roles or groups. At least, that was the model, I
>had in mind.
>
>The security service enforces the mapping resource to 
>permission and support the role hierarchy structure.
>
>A good reference behind the design is at:
>
>http://www-106.ibm.com/developerworks/java/library/j-jaas/?dwzone=java
>
>The only difference is that we have an RDBMS
>implementation + hierarchy support.
>
>I am in favor of pursuing that model.  It is JAAS
>compliant and user can eventually swap their own
>implementation later on, on a different store.
>
>I have been swamped at work and have had to step back
>a bit.
>
>Regards,
>
>David.
>
>--- "Scott T. Weaver"
><sc...@binary-designs.net> wrote:
>  
>
>>Just want to get everyones input on implementing the
>>java.security.acl 
>>api for supporting ACLs in J2.  I think this may
>>have been discussed 
>>before, but I think we need to make a decision so we
>>can move forward 
>>with applying security to portal resources.
>>
>>The interfaces for java.security.acl are straight
>>forward and should 
>>prove very easy to implement.and it should mesh very
>>well with the 
>>already existing security components.
>>
>>Regards
>>
>>-- 
>>******************************************
>>*           Scott T. Weaver              *
>>*         <we...@apache.org>            *
>>*     <http://www.einnovation.com>       *
>>* -------------------------------------- *
>>*   Apache Jetspeed Enterprise Portal    *
>>*     Apache Pluto Portlet Container     *
>>*                                        *
>>* OpenEditPro, Website Content Mangement *
>>*     <http://www.openeditpro.com>       *
>>******************************************
>>
>>
>>
>>    
>>
>---------------------------------------------------------------------
>  
>
>>To unsubscribe, e-mail:
>>jetspeed-dev-unsubscribe@jakarta.apache.org
>>For additional commands, e-mail:
>>jetspeed-dev-help@jakarta.apache.org
>>
>>
>>    
>>
>
>
>
>		
>__________________________________
>Do you Yahoo!?
>New and Improved Yahoo! Mail - Send 10MB messages!
>http://promotions.yahoo.com/new_mail 
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org
>
>
>  
>


-- 
******************************************
*           Scott T. Weaver              *
*         <we...@apache.org>            *
*     <http://www.einnovation.com>       *
* -------------------------------------- *
*   Apache Jetspeed Enterprise Portal    *
*     Apache Pluto Portlet Container     *
*                                        *
* OpenEditPro, Website Content Mangement *
*     <http://www.openeditpro.com>       *
******************************************


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org

Re: [J2:VOTE] Using the java.security.acl implementation

Posted by David Le Strat <dl...@yahoo.com>.
Scott,

I am -1 on that.  That's why I implemented a security
service using JAAS and RDBMS policies.  If we want to
enforce policies on object (portlets, pages, folders,
etc), we should have matching permissions (see
PortletPermission) where those permissions are mapped
to roles or groups. At least, that was the model, I
had in mind.

The security service enforces the mapping resource to 
permission and support the role hierarchy structure.

A good reference behind the design is at:

http://www-106.ibm.com/developerworks/java/library/j-jaas/?dwzone=java

The only difference is that we have an RDBMS
implementation + hierarchy support.

I am in favor of pursuing that model.  It is JAAS
compliant and user can eventually swap their own
implementation later on, on a different store.

I have been swamped at work and have had to step back
a bit.

Regards,

David.

--- "Scott T. Weaver"
<sc...@binary-designs.net> wrote:
> Just want to get everyones input on implementing the
> java.security.acl 
> api for supporting ACLs in J2.  I think this may
> have been discussed 
> before, but I think we need to make a decision so we
> can move forward 
> with applying security to portal resources.
> 
> The interfaces for java.security.acl are straight
> forward and should 
> prove very easy to implement.and it should mesh very
> well with the 
> already existing security components.
> 
> Regards
> 
> -- 
> ******************************************
> *           Scott T. Weaver              *
> *         <we...@apache.org>            *
> *     <http://www.einnovation.com>       *
> * -------------------------------------- *
> *   Apache Jetspeed Enterprise Portal    *
> *     Apache Pluto Portlet Container     *
> *                                        *
> * OpenEditPro, Website Content Mangement *
> *     <http://www.openeditpro.com>       *
> ******************************************
> 
> 
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> jetspeed-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail:
> jetspeed-dev-help@jakarta.apache.org
> 
> 



		
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - Send 10MB messages!
http://promotions.yahoo.com/new_mail 

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org