You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by "Scott T. Weaver" <sc...@binary-designs.net> on 2004/07/15 17:15:19 UTC
[J2:VOTE] Using the java.security.acl implementation
Just want to get everyones input on implementing the java.security.acl
api for supporting ACLs in J2. I think this may have been discussed
before, but I think we need to make a decision so we can move forward
with applying security to portal resources.
The interfaces for java.security.acl are straight forward and should
prove very easy to implement.and it should mesh very well with the
already existing security components.
Regards
--
******************************************
* Scott T. Weaver *
* <we...@apache.org> *
* <http://www.einnovation.com> *
* -------------------------------------- *
* Apache Jetspeed Enterprise Portal *
* Apache Pluto Portlet Container *
* *
* OpenEditPro, Website Content Mangement *
* <http://www.openeditpro.com> *
******************************************
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org
Re: [J2:VOTE] Using the java.security.acl implementation
Posted by "Scott T. Weaver" <sc...@binary-designs.net>.
Thanks for the link to article, David. I will take a look at it right now.
David Le Strat wrote:
>Scott,
>
>I am -1 on that. That's why I implemented a security
>service using JAAS and RDBMS policies. If we want to
>enforce policies on object (portlets, pages, folders,
>etc), we should have matching permissions (see
>PortletPermission) where those permissions are mapped
>to roles or groups. At least, that was the model, I
>had in mind.
>
>The security service enforces the mapping resource to
>permission and support the role hierarchy structure.
>
>A good reference behind the design is at:
>
>http://www-106.ibm.com/developerworks/java/library/j-jaas/?dwzone=java
>
>The only difference is that we have an RDBMS
>implementation + hierarchy support.
>
>I am in favor of pursuing that model. It is JAAS
>compliant and user can eventually swap their own
>implementation later on, on a different store.
>
>I have been swamped at work and have had to step back
>a bit.
>
>Regards,
>
>David.
>
>--- "Scott T. Weaver"
><sc...@binary-designs.net> wrote:
>
>
>>Just want to get everyones input on implementing the
>>java.security.acl
>>api for supporting ACLs in J2. I think this may
>>have been discussed
>>before, but I think we need to make a decision so we
>>can move forward
>>with applying security to portal resources.
>>
>>The interfaces for java.security.acl are straight
>>forward and should
>>prove very easy to implement.and it should mesh very
>>well with the
>>already existing security components.
>>
>>Regards
>>
>>--
>>******************************************
>>* Scott T. Weaver *
>>* <we...@apache.org> *
>>* <http://www.einnovation.com> *
>>* -------------------------------------- *
>>* Apache Jetspeed Enterprise Portal *
>>* Apache Pluto Portlet Container *
>>* *
>>* OpenEditPro, Website Content Mangement *
>>* <http://www.openeditpro.com> *
>>******************************************
>>
>>
>>
>>
>>
>---------------------------------------------------------------------
>
>
>>To unsubscribe, e-mail:
>>jetspeed-dev-unsubscribe@jakarta.apache.org
>>For additional commands, e-mail:
>>jetspeed-dev-help@jakarta.apache.org
>>
>>
>>
>>
>
>
>
>
>__________________________________
>Do you Yahoo!?
>New and Improved Yahoo! Mail - Send 10MB messages!
>http://promotions.yahoo.com/new_mail
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org
>
>
>
>
--
******************************************
* Scott T. Weaver *
* <we...@apache.org> *
* <http://www.einnovation.com> *
* -------------------------------------- *
* Apache Jetspeed Enterprise Portal *
* Apache Pluto Portlet Container *
* *
* OpenEditPro, Website Content Mangement *
* <http://www.openeditpro.com> *
******************************************
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org
Re: [J2:VOTE] Using the java.security.acl implementation
Posted by David Le Strat <dl...@yahoo.com>.
Scott,
I am -1 on that. That's why I implemented a security
service using JAAS and RDBMS policies. If we want to
enforce policies on object (portlets, pages, folders,
etc), we should have matching permissions (see
PortletPermission) where those permissions are mapped
to roles or groups. At least, that was the model, I
had in mind.
The security service enforces the mapping resource to
permission and support the role hierarchy structure.
A good reference behind the design is at:
http://www-106.ibm.com/developerworks/java/library/j-jaas/?dwzone=java
The only difference is that we have an RDBMS
implementation + hierarchy support.
I am in favor of pursuing that model. It is JAAS
compliant and user can eventually swap their own
implementation later on, on a different store.
I have been swamped at work and have had to step back
a bit.
Regards,
David.
--- "Scott T. Weaver"
<sc...@binary-designs.net> wrote:
> Just want to get everyones input on implementing the
> java.security.acl
> api for supporting ACLs in J2. I think this may
> have been discussed
> before, but I think we need to make a decision so we
> can move forward
> with applying security to portal resources.
>
> The interfaces for java.security.acl are straight
> forward and should
> prove very easy to implement.and it should mesh very
> well with the
> already existing security components.
>
> Regards
>
> --
> ******************************************
> * Scott T. Weaver *
> * <we...@apache.org> *
> * <http://www.einnovation.com> *
> * -------------------------------------- *
> * Apache Jetspeed Enterprise Portal *
> * Apache Pluto Portlet Container *
> * *
> * OpenEditPro, Website Content Mangement *
> * <http://www.openeditpro.com> *
> ******************************************
>
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> jetspeed-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail:
> jetspeed-dev-help@jakarta.apache.org
>
>
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - Send 10MB messages!
http://promotions.yahoo.com/new_mail
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org