You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-dev@axis.apache.org by Glen Daniels <gd...@macromedia.com> on 2001/08/01 14:43:59 UTC
Re: cvs commit: xml-axis/java/src/org/apache/axis/security Authen ticatedUser.java SecurityProvider.java
I took a look at JAAS last night.
My quick impression is that it's fairly complex, and involves permissions
and policy files and signed code. Redux: I think we should go there
eventually (probably with tooling around it to make it easier to use), but
in the 3.0 timeframe, doing something much simpler is a better plan. Also,
if people want to build adapters from our simple security interfaces to
systems like JAAS, they are welcome to.
I will also ask our security guys today whether my impressions re: JAAS are
accurate, and what they recommend.
Thoughts / comments?
--G
----- Original Message -----
From: "Sam Ruby" <ru...@us.ibm.com>
To: <ax...@xml.apache.org>
Sent: Tuesday, July 31, 2001 12:45 PM
Subject: RE: cvs commit: xml-axis/java/src/org/apache/axis/security Authen
ticatedUser.java SecurityProvider.java
> Dirk-Willem van Gulik wrote:
> >
> > This is a very nice patch. I think eventually we need to go a lot more
> > fine grained. Let me check with the home office to see if I can grab
this
> > ball for a bit. Esp. when it comes to web sercurity.
>
> Before reinventing, we should investigate existing standards. For
example:
> JAAS. If we look at it and decide that it is not appropriate, I'm OK with
> that, but otherwise I see no value in simply reinventing for reinventing
> sake.
>
> - Sam Ruby
>
Re: cvs commit: xml-axis/java/src/org/apache/axis/security Authen
ticatedUser.java SecurityProvider.java
Posted by Chris Opler <ch...@free.fr>.
You might want to check out the jaas implementation for jboss -- might give a
good sense of how easy/hard jaas would be to use with axis as well as provide
some sample code.
Regards,
Chris Opler
Glen Daniels wrote:
> I took a look at JAAS last night.
>
> My quick impression is that it's fairly complex, and involves permissions
> and policy files and signed code. Redux: I think we should go there
> eventually (probably with tooling around it to make it easier to use), but
> in the 3.0 timeframe, doing something much simpler is a better plan. Also,
> if people want to build adapters from our simple security interfaces to
> systems like JAAS, they are welcome to.
>
> I will also ask our security guys today whether my impressions re: JAAS are
> accurate, and what they recommend.
>
> Thoughts / comments?
>
> --G
>
> ----- Original Message -----
> From: "Sam Ruby" <ru...@us.ibm.com>
> To: <ax...@xml.apache.org>
> Sent: Tuesday, July 31, 2001 12:45 PM
> Subject: RE: cvs commit: xml-axis/java/src/org/apache/axis/security Authen
> ticatedUser.java SecurityProvider.java
>
> > Dirk-Willem van Gulik wrote:
> > >
> > > This is a very nice patch. I think eventually we need to go a lot more
> > > fine grained. Let me check with the home office to see if I can grab
> this
> > > ball for a bit. Esp. when it comes to web sercurity.
> >
> > Before reinventing, we should investigate existing standards. For
> example:
> > JAAS. If we look at it and decide that it is not appropriate, I'm OK with
> > that, but otherwise I see no value in simply reinventing for reinventing
> > sake.
> >
> > - Sam Ruby
> >