Re[2]: Problems with Permissions and Groups

[Aurelien Pernoud <ap...@sopragroup.com>]

Weaver, Scott a écrit :

>> As you seem to know well of security/role/permissions work, could you tell
>> me if the current model
>> (described http://jakarta.apache.org/jetspeed/site/security.html) is
>> willing
>> to change in JS1.0, or not, or maybe but just a little ? :)

> We are always looking for good suggestions.  What did you have in mind?

Right now pretty nothing, I have to compare this model with ours
(which I'm quite discovering too :)), and see what we can do !

> Someone correct me if I'm wrong but I don't think the relative structure of
> security has changed since 1.3b3 to what is scheduled in b4.  Most of the
> changes are bug and security hole fixes.

I just wanted to know if the current security was already known as
"deprecated" (for dev) or if it's still in run. You pretty clearly
answered to it. Thx !

> My Opinion and somewhat OT:
> A lot of the security issues I have seen lately stem from the basic idea of
> security and how it is/expected to/should be implemented.  The current pluggable
> security implementation really helps with this and it's separation of concerns is
> well thought out.  However, having to re-implement the entire security system or
> even a portion of it can be somewhat overkill when it comes to small modifications.

> A good solution would be to somehow take the existing security and implement a
> filter chain or pipeline pattern to it.  Using this approach, developers could
>  insert their own filters at any point between pre/post-authentication and
> pre/post-authorization.  I could even see filters being used within the
> maintenance and creation of principals (users) and roles.

Thx for pointing this out too.


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-user-help@jakarta.apache.org