Posted to dev@geronimo.apache.org by "Diego L Espineira (JIRA)" <ji...@apache.org> on 2006/12/03 01:16:22 UTC

[jira] Created: (GERONIMO-2617) Custom Authorization

Custom Authorization
--------------------

                 Key: GERONIMO-2617
                 URL: http://issues.apache.org/jira/browse/GERONIMO-2617
             Project: Geronimo
          Issue Type: New Feature
      Security Level: public (Regular issues)
            Reporter: Diego L Espineira


Apache Geronimo to enable the developer to implement custom and complex security models, such as role hierarchies and permission inheritance between roles. This can be accomplished by adding an optional parameter to the security realm options specifying some class to intercept and handle the authorization to EJBs, WebServices and web content (JSP, HTML, etc.) by applying custom and application-specific authorization based on information stored somewhere else (like a DBMS).
This enables an application to allow its users to change the EJB methods and content permissions through the application itself. The authentication and authorization settings are widely wrongly assigned to deployment time, while much of them must be assigned to run time.

An example of this is the JBoss SX approach to this subject. An application security realm is configured to use an "authorization manager", which is a class that implements org.jboss.security.SecurityProxy. And it handles the requests to all the resources like EJBs.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
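
The model this request describes (roles that inherit permissions from other roles, with grants that can be changed while the application runs) can be written as follows. This is an added example, not Geronimo or JBoss code; `HierarchicalAuthorizer`, `ResourcePermission` and the role and resource names are hypothetical, and in-memory maps stand in for the DBMS.

```java
import java.security.BasicPermission;
import java.security.Permission;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
// Added example: role hierarchy with inherited grants that can change at run time.
public class HierarchicalAuthorizer {
    // Hypothetical permission type; BasicPermission gives "a.b.*" wildcard matching.
    static final class ResourcePermission extends BasicPermission {
        ResourcePermission(String name) { super(name); }
    }
    // In-memory stand-ins for the external store (assumption: a DBMS in production).
    private final Map<String, Set<String>> parents = new ConcurrentHashMap<>();
    private final Map<String, Set<Permission>> grants = new ConcurrentHashMap<>();
    public void inherit(String role, String parent) {
        if (reaches(parent, role, new HashSet<>()))   // refuse edges that close a cycle
            throw new IllegalArgumentException("cycle: " + role + " -> " + parent);
        parents.computeIfAbsent(role, r -> ConcurrentHashMap.newKeySet()).add(parent);
    }
    public void grant(String role, Permission p) {
        grants.computeIfAbsent(role, r -> ConcurrentHashMap.newKeySet()).add(p);
    }
    public void revoke(String role, Permission p) { grants.getOrDefault(role, new HashSet<>()).remove(p); }
    // Walks the caller's roles and all their ancestors; anything not granted is denied.
    public boolean isAllowed(Collection<String> callerRoles, Permission requested) {
        Deque<String> todo = new ArrayDeque<>(callerRoles);
        Set<String> seen = new HashSet<>();
        while (!todo.isEmpty()) {
            String role = todo.pop();
            if (!seen.add(role)) continue;
            if (grants.getOrDefault(role, Set.of()).stream().anyMatch(g -> g.implies(requested)))
                return true;
            todo.addAll(parents.getOrDefault(role, Set.of()));
        }
        return false;
    }
    private boolean reaches(String from, String target, Set<String> seen) {
        if (from.equals(target)) return true;
        if (!seen.add(from)) return false;
        return parents.getOrDefault(from, Set.of()).stream().anyMatch(p -> reaches(p, target, seen));
    }
    public static void main(String[] args) {
        HierarchicalAuthorizer az = new HierarchicalAuthorizer();
        Permission all = new ResourcePermission("ejb.Orders.*");
        Permission view = new ResourcePermission("ejb.Orders.view");
        az.inherit("manager", "clerk");   // manager inherits everything granted to clerk
        az.grant("clerk", all);
        System.out.println(az.isAllowed(List.of("manager"), view));
        az.revoke("clerk", all);          // run-time change, no redeployment
        System.out.println(az.isAllowed(List.of("manager"), view));
    }
}
```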

        

[jira] Closed: (GERONIMO-2617) Custom Authorization

Posted by "David Jencks (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/GERONIMO-2617?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Jencks closed GERONIMO-2617.
----------------------------------

    Resolution: Incomplete
      Assignee: David Jencks

I can't tell well enough what you want here. I think you may want to implement a custom JACC implementation. You might want something like triplesec. But without much clearer goals we won't get too far.

> Custom Authorization
> --------------------
>
>                 Key: GERONIMO-2617
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-2617
>             Project: Geronimo
>          Issue Type: New Feature
>      Security Level: public(Regular issues) 
>          Components: security
>            Reporter: Diego L Espineira
>            Assignee: David Jencks
>
> Apache Geronimo to enable the developer to implement custom and complex security models, such as role hierarchies and permission inheritance between roles. This can be accomplished by adding an optional parameter to the security realm options specifying some class to intercept and handle the authorization to EJBs, WebServices and web content (JSP, HTML, etc.) by applying custom and application-specific authorization based on information stored somewhere else (like a DBMS).
> This enables an application to allow its users to change the EJB methods and content permissions through the application itself. The authentication and authorization settings are widely wrongly assigned to deployment time, while much of them must be assigned to run time.
> An example of this is the JBoss SX approach to this subject. An application security realm is configured to use an "authorization manager", which is a class that implements org.jboss.security.SecurityProxy. And it handles the requests to all the resources like EJBs.



[jira] Commented: (GERONIMO-2617) Custom Authorization

Posted by "David Jencks (JIRA)" <ji...@apache.org>.
    [ http://issues.apache.org/jira/browse/GERONIMO-2617?page=comments#action_12455143 ] 
            
David Jencks commented on GERONIMO-2617:
----------------------------------------

Can you look into the facilities for a JACC provider to include the request in its determination whether to grant a permission?  I think that may be a spec-compliant way of getting the same result without any non-spec additions.  

> Custom Authorization
> --------------------
>
>                 Key: GERONIMO-2617
>                 URL: http://issues.apache.org/jira/browse/GERONIMO-2617
>             Project: Geronimo
>          Issue Type: New Feature
>      Security Level: public(Regular issues) 
>            Reporter: Diego L Espineira
>
> Apache Geronimo to enable the developer to implement custom and complex security models, such as role hierarchies and permission inheritance between roles. This can be accomplished by adding an optional parameter to the security realm options specifying some class to intercept and handle the authorization to EJBs, WebServices and web content (JSP, HTML, etc.) by applying custom and application-specific authorization based on information stored somewhere else (like a DBMS).
> This enables an application to allow its users to change the EJB methods and content permissions through the application itself. The authentication and authorization settings are widely wrongly assigned to deployment time, while much of them must be assigned to run time.
> An example of this is the JBoss SX approach to this subject. An application security realm is configured to use an "authorization manager", which is a class that implements org.jboss.security.SecurityProxy. And it handles the requests to all the resources like EJBs.


[jira] Updated: (GERONIMO-2617) Custom Authorization

Posted by "David Jencks (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/GERONIMO-2617?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Jencks updated GERONIMO-2617:
-----------------------------------

    Component/s: security

> Custom Authorization
> --------------------
>
>                 Key: GERONIMO-2617
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-2617
>             Project: Geronimo
>          Issue Type: New Feature
>      Security Level: public(Regular issues) 
>          Components: security
>            Reporter: Diego L Espineira
>
> Apache Geronimo to enable the developer to implement custom and complex security models, such as role hierarchies and permission inheritance between roles. This can be accomplished by adding an optional parameter to the security realm options specifying some class to intercept and handle the authorization to EJBs, WebServices and web content (JSP, HTML, etc.) by applying custom and application-specific authorization based on information stored somewhere else (like a DBMS).
> This enables an application to allow its users to change the EJB methods and content permissions through the application itself. The authentication and authorization settings are widely wrongly assigned to deployment time, while much of them must be assigned to run time.
> An example of this is the JBoss SX approach to this subject. An application security realm is configured to use an "authorization manager", which is a class that implements org.jboss.security.SecurityProxy. And it handles the requests to all the resources like EJBs.
