Posted to dev@tomcat.apache.org by Mark Brouwer <ma...@virgil.nl> on 2000/04/15 13:10:54 UTC

Re: code contribution on security interceptor

mark@mjwilcox.com wrote:
> 
> Hi,
> 
> As I've posted before I have an example Security interceptor using
> LDAP and JNDI.
> 
> I would really like to contribute an example for others to follow but I
> would like to contribute something that the most people would find
> useful.
> 
> So I'd like to know what people would find the most useful right now:
> 
> 1) JNDI/LDAP --> might require JDK 1.2+ (I think the latest
> versions of JNDI require a minimum of JNDI 1.2)
> 

I think this would be a valuable contribution. As the latest version of
JNDI 1.2.1 runs on Java 1.1.6 and upwards it won't be a problem. Which
attributes/object class do you have in mind for storing/retrieving user
information? In a previous mail you stated the JAAS JNDI login module
expects an LDAP scheme giving support for NIS objects. I have no clue how
many LDAP servers support this scheme. I know with Solaris 7 and 8 you
could have your NIS tables in the LDAP server. As the iPlanet directory
server is part of Solaris 8 at least that one supports RFC 2307.

Unfortunately you can't get the code from Sun for the JAAS login
modules, or at least I couldn't find it. That way you could look at the
part of the scheme of RFC 2307 really being used, but by reading the API
it is clear it has to do mainly with user and group ids.

> 2) LDAP with Netscape SDK --> would work with any JVM 1.1 or
> later
> 

I'm not very fond of introducing dependency on APIs other than standard
extensions, therefore my answer is no.

> 3) JDBC (e.g. users, roles stored in a RDBMS)
> 

No, as far as I know there is no standardized scheme for storing login
stuff in a database. So probably you end up writing manuals for creating
tables, propertizing your interceptor for making the right mapping, etc,
etc.

> 4) JAAS with NIS or NT authentication (the JAAS standard
> modules contain examples for this)
> 

Yes very much, despite the fact it relies on JDK 1.3 it would be good to
see more use of JAAS in real life. As with most security related issues
for some reason not many people go deeply into this stuff, so an example
would be great.

Who doesn't put 'grant { permission java.security.AllPermission; };' in
the java.policy file after downloading a fresh JDK 1.2? :-)
-- 
Mark Brouwer