You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@directory.apache.org by David Jencks <da...@yahoo.com> on 2006/12/28 05:46:00 UTC

TripleSec && Jacc

First, I'd like to thank Alex for working with the PMC to get me  
commit access so I can work on triplesec more easily.

I committed my pom cleanup which slightly extends what Alex started.

Meanwhile I've been making extensive local changes to my triplesec  
copy in line with what I've been talking about on the dev list.   
Since the implications of what I've done may not be clear yet and I  
am not really a triplesec expert yet :-) I think it would be best to  
put this work in a sandbox branch.  To make it simpler for myself  
here's what I'm going to try to do:

- apply my local changes to trunks/triplesec
- move trunk/triplesec to sandbox/triplesec-jacc
- copy triplesec rev 490644 to trunks/triplesec

If all goes well this will leave us with current triplesec in trunk  
and my experiments in sandbox/triplesec-jacc  and I won't have to  
spend hours trying to make svn switch work.

Code status on my experiments:

it builds :-)

I started using java 5 coding.

some integration tests fail... these look to me as if there are  
problems starting up the server or connecting to it... there have  
been a couple of suggestive emails lately about jndi problems.

I've changed the schema to model java permissions with constructors  
with one or two Strings and grant and deny on roles and profiles.

I think the guardian api and ldap stuff is coded but tests of new  
stuff is disabled

admin-api coding for new permission model is partly done.  Mostly  
modifications are not yet supported.

The swing admin compiles only because I commented out everything  
related to the old permission model.  I doubt I'll be able to  
complete this part without some help, I'm kind of incompetent with guis.

The SafehausPrincipal still only works with one app.

There seemed to be a lot of copies of the same server.ldif hanging  
around for testing.  After updating it for the new permission model I  
put it in a module/jar and unpack it into the server where needed for  
integration tests.  Maybe we can put the server.xml there too?

many thanks
david jencks

Re: TripleSec && Jacc

Posted by Alex Karasulu <ak...@apache.org>.

Hi David,

Hey can you do me a favor and prefix a [Triplesec] to your email subject
so I can filter between ADS emails and Tsec emails?  Thanks!

More comments in line ...

David Jencks wrote:
> First, I'd like to thank Alex for working with the PMC to get me commit
> access so I can work on triplesec more easily.

NP we know your track record already with the Geronimo community and
you've made some great patch contributions already.

> I committed my pom cleanup which slightly extends what Alex started.

Thanks I'll update this stuff and give it a look see today.

> Meanwhile I've been making extensive local changes to my triplesec copy
> in line with what I've been talking about on the dev list.

Yep wrt the new java permissions.  Let's talk about this a bit more.
Namely I want to agree on schema changes ... and how this is going to
impact the implementation of a correct implies() function as well as
what we're going to do with the present function used to calculate the
effective permissions.

  Since the
> implications of what I've done may not be clear yet and I am not really
> a triplesec expert yet :-) I think it would be best to put this work in
> a sandbox branch.  To make it simpler for myself here's what I'm going
> to try to do:
> 
> - apply my local changes to trunks/triplesec
> - move trunk/triplesec to sandbox/triplesec-jacc
> - copy triplesec rev 490644 to trunks/triplesec

Ok so does this mean that you will be rolling back some changes to the
trunks?  Or did you just apply some nominal pom cleanup fixes to the
trunks which will stay there?

> If all goes well this will leave us with current triplesec in trunk and
> my experiments in sandbox/triplesec-jacc  and I won't have to spend
> hours trying to make svn switch work.
> 
> Code status on my experiments:
> 
> it builds :-)
> 
> I started using java 5 coding.
> 
> some integration tests fail... these look to me as if there are problems
> starting up the server or connecting to it... there have been a couple
> of suggestive emails lately about jndi problems.

Well before we go hard core into your enhancements for jacc or make any
package name changes let's make sure everything runs and all integration
tests pass.  This will give us a clean start.  I'll start looking into
what problems we have with the build.

> I've changed the schema to model java permissions with constructors with
> one or two Strings and grant and deny on roles and profiles.
> 
> I think the guardian api and ldap stuff is coded but tests of new stuff
> is disabled
> 
> admin-api coding for new permission model is partly done.  Mostly
> modifications are not yet supported.
> 
> The swing admin compiles only because I commented out everything related
> to the old permission model.  I doubt I'll be able to complete this part
> without some help, I'm kind of incompetent with guis.
> 
> The SafehausPrincipal still only works with one app.

I take it that the above changes are the changes you're making to your
own private branch?

> There seemed to be a lot of copies of the same server.ldif hanging
> around for testing.  After updating it for the new permission model I
> put it in a module/jar and unpack it into the server where needed for
> integration tests.  Maybe we can put the server.xml there too?

Yeah this last idea here especially is a nice to have.  Perhaps we can
apply this to the trunks instead of your jacc branch.

Regards,
Alex