You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@archiva.apache.org by "James William Dumay (JIRA)" <ji...@codehaus.org> on 2008/06/11 04:41:12 UTC
[jira] Created: (MRM-832) Investigate future Security framework
options
Investigate future Security framework options
----------------------------------------------
Key: MRM-832
URL: http://jira.codehaus.org/browse/MRM-832
Project: Archiva
Issue Type: Task
Reporter: James William Dumay
Fix For: 1.2
This is just a stub ticket as we have been rumbling about replacing/improving our choice of security framework in 1.2
Ideally it should be _very_ easy for administrators of Archiva to back auth onto a variety of systems - LDAP, Active Directory, Atlassian Crowd, OpenSSO, etc
Possible frameworks:
* Redback (Current, could do with some love) - http://redback.codehaus.org
* Spring-Security (was ACEGI) - http://static.springframework.org/spring-security/site/
* JSecurity (new Apache Incubator project) - http://www.jsecurity.org/
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (MRM-832) Investigate future Security framework
options
Posted by "Maria Odea Ching (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/MRM-832?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=142553#action_142553 ]
Maria Odea Ching commented on MRM-832:
--------------------------------------
Btw, Archiva 1.1 already uses the latest released version of redback which contains the LDAP fixes so you won't need to copy the snapshot version to WEB-INF/lib.
> Investigate future Security framework options
> ----------------------------------------------
>
> Key: MRM-832
> URL: http://jira.codehaus.org/browse/MRM-832
> Project: Archiva
> Issue Type: Task
> Components: Users/Security
> Affects Versions: 1.2
> Reporter: James William Dumay
> Fix For: 1.2
>
>
> This is just a stub ticket as we have been rumbling about replacing/improving our choice of security framework in 1.2
> Ideally it should be _very_ easy for administrators of Archiva to back auth onto a variety of systems - LDAP, Active Directory, Atlassian Crowd, OpenSSO, etc
> Possible frameworks:
> * Redback (Current, could do with some love) - http://redback.codehaus.org
> * Spring-Security (was ACEGI) - http://static.springframework.org/spring-security/site/
> * JSecurity (new Apache Incubator project) - http://www.jsecurity.org/
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (MRM-832) Investigate future Security framework
options
Posted by "James William Dumay (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/MRM-832?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=138279#action_138279 ]
James William Dumay commented on MRM-832:
-----------------------------------------
One thing I would like to avoid is possibly requiring users to edit the spring configuration directly to get ldap going - is that possible with spring-security ?
> Investigate future Security framework options
> ----------------------------------------------
>
> Key: MRM-832
> URL: http://jira.codehaus.org/browse/MRM-832
> Project: Archiva
> Issue Type: Task
> Components: Users/Security
> Affects Versions: 1.2
> Reporter: James William Dumay
> Fix For: 1.2
>
>
> This is just a stub ticket as we have been rumbling about replacing/improving our choice of security framework in 1.2
> Ideally it should be _very_ easy for administrators of Archiva to back auth onto a variety of systems - LDAP, Active Directory, Atlassian Crowd, OpenSSO, etc
> Possible frameworks:
> * Redback (Current, could do with some love) - http://redback.codehaus.org
> * Spring-Security (was ACEGI) - http://static.springframework.org/spring-security/site/
> * JSecurity (new Apache Incubator project) - http://www.jsecurity.org/
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (MRM-832) Investigate future Security framework
options
Posted by "Emmanuel Venisse (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/MRM-832?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=138298#action_138298 ]
Emmanuel Venisse commented on MRM-832:
--------------------------------------
you want admin pages to manage connection, users, groups and roles, right?
I'm not sure it exist and I think it is specific to a project, but I'm sure all API are there. I'll must do it in few weeks for a customerFlex project.
> Investigate future Security framework options
> ----------------------------------------------
>
> Key: MRM-832
> URL: http://jira.codehaus.org/browse/MRM-832
> Project: Archiva
> Issue Type: Task
> Components: Users/Security
> Affects Versions: 1.2
> Reporter: James William Dumay
> Fix For: 1.2
>
>
> This is just a stub ticket as we have been rumbling about replacing/improving our choice of security framework in 1.2
> Ideally it should be _very_ easy for administrators of Archiva to back auth onto a variety of systems - LDAP, Active Directory, Atlassian Crowd, OpenSSO, etc
> Possible frameworks:
> * Redback (Current, could do with some love) - http://redback.codehaus.org
> * Spring-Security (was ACEGI) - http://static.springframework.org/spring-security/site/
> * JSecurity (new Apache Incubator project) - http://www.jsecurity.org/
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (MRM-832) Investigate future Security framework
options
Posted by "Andreas Christoforides (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/MRM-832?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=139063#action_139063 ]
Andreas Christoforides commented on MRM-832:
--------------------------------------------
I would also vote for Spring security. I personally wasn't even aware of the Redback project until I started looking into Archiva and Continuum. I believe that is probably the case for most Java developers not involved in the Apache community. On the other hand, Acegi/Spring security is what most Java developers are familiar with.
> Investigate future Security framework options
> ----------------------------------------------
>
> Key: MRM-832
> URL: http://jira.codehaus.org/browse/MRM-832
> Project: Archiva
> Issue Type: Task
> Components: Users/Security
> Affects Versions: 1.2
> Reporter: James William Dumay
> Fix For: 1.2
>
>
> This is just a stub ticket as we have been rumbling about replacing/improving our choice of security framework in 1.2
> Ideally it should be _very_ easy for administrators of Archiva to back auth onto a variety of systems - LDAP, Active Directory, Atlassian Crowd, OpenSSO, etc
> Possible frameworks:
> * Redback (Current, could do with some love) - http://redback.codehaus.org
> * Spring-Security (was ACEGI) - http://static.springframework.org/spring-security/site/
> * JSecurity (new Apache Incubator project) - http://www.jsecurity.org/
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (MRM-832) Investigate future Security framework
options
Posted by "Emmanuel Venisse (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/MRM-832?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=138133#action_138133 ]
Emmanuel Venisse commented on MRM-832:
--------------------------------------
LDAP support is very good now in Redback.
Maybe I'm wrong but I think AD connection is a standard LDAP connection.
Spring-security is the most powerful framework, it is alone to support LDAP, AD, Crowd, JOSSO (I don't think OpenSSO) and more (http://static.springframework.org/spring-security/site/reference/html/introduction.html)
As we already use Spring, I think spring-security would be the best option for users.
> Investigate future Security framework options
> ----------------------------------------------
>
> Key: MRM-832
> URL: http://jira.codehaus.org/browse/MRM-832
> Project: Archiva
> Issue Type: Task
> Components: Users/Security
> Affects Versions: 1.2
> Reporter: James William Dumay
> Fix For: 1.2
>
>
> This is just a stub ticket as we have been rumbling about replacing/improving our choice of security framework in 1.2
> Ideally it should be _very_ easy for administrators of Archiva to back auth onto a variety of systems - LDAP, Active Directory, Atlassian Crowd, OpenSSO, etc
> Possible frameworks:
> * Redback (Current, could do with some love) - http://redback.codehaus.org
> * Spring-Security (was ACEGI) - http://static.springframework.org/spring-security/site/
> * JSecurity (new Apache Incubator project) - http://www.jsecurity.org/
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (MRM-832) Investigate future Security framework
options
Posted by "James William Dumay (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/MRM-832?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
James William Dumay updated MRM-832:
------------------------------------
Affects Version/s: 1.2
Fix Version/s: 1.2
Component/s: Users/Security
> Investigate future Security framework options
> ----------------------------------------------
>
> Key: MRM-832
> URL: http://jira.codehaus.org/browse/MRM-832
> Project: Archiva
> Issue Type: Task
> Components: Users/Security
> Affects Versions: 1.2
> Reporter: James William Dumay
> Fix For: 1.2
>
>
> This is just a stub ticket as we have been rumbling about replacing/improving our choice of security framework in 1.2
> Ideally it should be _very_ easy for administrators of Archiva to back auth onto a variety of systems - LDAP, Active Directory, Atlassian Crowd, OpenSSO, etc
> Possible frameworks:
> * Redback (Current, could do with some love) - http://redback.codehaus.org
> * Spring-Security (was ACEGI) - http://static.springframework.org/spring-security/site/
> * JSecurity (new Apache Incubator project) - http://www.jsecurity.org/
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (MRM-832) Investigate future Security framework
options
Posted by "Wolfgang Strunk (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/MRM-832?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=142538#action_142538 ]
Wolfgang Strunk commented on MRM-832:
-------------------------------------
Configuration of Spring security looks much simpler than redback configuration.
Although LDAP support is available for Redback, I still do have problems unless I use the latest SNAPSHOT of Redback ant put it into archiva WEBINF/lib. Only this version utilizes my security.properties file.
> Investigate future Security framework options
> ----------------------------------------------
>
> Key: MRM-832
> URL: http://jira.codehaus.org/browse/MRM-832
> Project: Archiva
> Issue Type: Task
> Components: Users/Security
> Affects Versions: 1.2
> Reporter: James William Dumay
> Fix For: 1.2
>
>
> This is just a stub ticket as we have been rumbling about replacing/improving our choice of security framework in 1.2
> Ideally it should be _very_ easy for administrators of Archiva to back auth onto a variety of systems - LDAP, Active Directory, Atlassian Crowd, OpenSSO, etc
> Possible frameworks:
> * Redback (Current, could do with some love) - http://redback.codehaus.org
> * Spring-Security (was ACEGI) - http://static.springframework.org/spring-security/site/
> * JSecurity (new Apache Incubator project) - http://www.jsecurity.org/
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira