You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by David Jencks <da...@yahoo.com> on 2006/01/16 22:03:25 UTC
[J2] Why are there two parallel security systems?
It looks to me as if there are two security systems, one based on
"SecurityContraints" and the other on various jetspeed defined
Permissions: I think you can enable or disable these in Spring
configurations. They look to me from a short glance to do much the
same things.
Could someone explain why and if there are any plans for instance to
eliminate one of them in the future? Why would I use one rather than
the other?
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
Re: LDAP Authorization and Authentication Enhancements
Posted by David Le Strat <dl...@yahoo.com>.
When will 2.0.1 be cut? I have no problem adding
those change to 2.0.1 as long as it is fine with the
other committers.
Regards,
David Le Strat
--- Roger Ruttimann <ro...@earthlink.net>
wrote:
> Great!
>
> Could the update go into the 2.0.1 branch as well?
>
> I'm +1 on this since improved LDAP functionality is
> a great feature of 2.0
>
> Roger
>
> David Le Strat wrote:
>
> >All,
> >
> >Thanks to Davy De Waele, the security module has
> been
> >enhanced to full implement authorization with LDAP.
>
> >Also, LDAP authentication support has been
> enhanced.
> >
> >Details are available at
> >
> >http://issues.apache.org/jira/browse/JS2-470
> >
> >Regards,
> >
> >David Le Strat
> >
> >________________________
> >David Le Strat
> >Blogging @ http://dlsthoughts.blogspot.com
> >
> >__________________________________________________
> >Do You Yahoo!?
> >Tired of spam? Yahoo! Mail has the best spam
> protection around
> >http://mail.yahoo.com
> >
>
>---------------------------------------------------------------------
> >To unsubscribe, e-mail:
> jetspeed-dev-unsubscribe@portals.apache.org
> >For additional commands, e-mail:
> jetspeed-dev-help@portals.apache.org
> >
> >
> >
> >
>
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> jetspeed-dev-unsubscribe@portals.apache.org
> For additional commands, e-mail:
> jetspeed-dev-help@portals.apache.org
>
>
________________________
David Le Strat
Blogging @ http://dlsthoughts.blogspot.com
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
Re: LDAP Authorization and Authentication Enhancements
Posted by Roger Ruttimann <ro...@earthlink.net>.
Great!
Could the update go into the 2.0.1 branch as well?
I'm +1 on this since improved LDAP functionality is a great feature of 2.0
Roger
David Le Strat wrote:
>All,
>
>Thanks to Davy De Waele, the security module has been
>enhanced to full implement authorization with LDAP.
>Also, LDAP authentication support has been enhanced.
>
>Details are available at
>
>http://issues.apache.org/jira/browse/JS2-470
>
>Regards,
>
>David Le Strat
>
>________________________
>David Le Strat
>Blogging @ http://dlsthoughts.blogspot.com
>
>__________________________________________________
>Do You Yahoo!?
>Tired of spam? Yahoo! Mail has the best spam protection around
>http://mail.yahoo.com
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
>For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
LDAP Authorization and Authentication Enhancements
Posted by David Le Strat <dl...@yahoo.com>.
All,
Thanks to Davy De Waele, the security module has been
enhanced to full implement authorization with LDAP.
Also, LDAP authentication support has been enhanced.
Details are available at
http://issues.apache.org/jira/browse/JS2-470
Regards,
David Le Strat
________________________
David Le Strat
Blogging @ http://dlsthoughts.blogspot.com
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
Re: [J2] Why are there two parallel security systems?
Posted by Randy Watler <wa...@wispertel.net>.
David,
On Mon, 2006-01-16 at 15:29 -0800, David Jencks wrote:
> On Jan 16, 2006, at 1:54 PM, Randy Watler wrote:
>
> > David,
> >
> > This is indeed the case for the PageManager component. The
> > "Permissions"
> > based solution has been implemented to allow implementors that already
> > use the Java security architecture a compliant means to apply the same
> > to J2. The "Constraints" based solution allows the implementor to
> > specify security information in the PSML files. Generally speaking,
> > the
> > "Permissions" solution was targeted for larger users and the
> > "Constraints" solution for a less formal organization that tried to
> > minimize "touch points" for portal configuration. The "Constraints"
> > solution is far more popular and is slightly more powerful capability
> > wise.
> >
> > HTH,
>
> That helps a lot, but now I have more questions :-)
>
> I've been assuming that only the "Permissions" solution existed :-)
> and thought there must be some way that I hadn't found yet to get the
> psml based permission descriptions into the rdbms based policy. How
> wrong is this view :-) ? Do the psml-file based security only work
> with "Constraints" and the rdbms based stuff only work with
> "Permissions"?
Exactly correct. They share only the use of the troublesome J2 Subject.
>
> Also, could you explain what the "Constraints" can do that the
> "Permissions" can't?
Constraints provide a limited ability to deny permissions to a specific
user, role, or group. AFAIK, there is no way to do this using the
Permissions approach. For example, say I wanted to allow all 'managers'
the ability to view a page, except those that are in the 'fired' group.
Randy
>
> Many thanks!
>
> david jencks
>
> >
> > Randy
> >
> > On Mon, 2006-01-16 at 13:03 -0800, David Jencks wrote:
> >> It looks to me as if there are two security systems, one based on
> >> "SecurityContraints" and the other on various jetspeed defined
> >> Permissions: I think you can enable or disable these in Spring
> >> configurations. They look to me from a short glance to do much the
> >> same things.
> >>
> >> Could someone explain why and if there are any plans for instance to
> >> eliminate one of them in the future? Why would I use one rather than
> >> the other?
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
> >> For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
> >>
> >>
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
> > For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
> For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
Re: [J2] Why are there two parallel security systems?
Posted by David Jencks <da...@yahoo.com>.
On Jan 16, 2006, at 1:54 PM, Randy Watler wrote:
> David,
>
> This is indeed the case for the PageManager component. The
> "Permissions"
> based solution has been implemented to allow implementors that already
> use the Java security architecture a compliant means to apply the same
> to J2. The "Constraints" based solution allows the implementor to
> specify security information in the PSML files. Generally speaking,
> the
> "Permissions" solution was targeted for larger users and the
> "Constraints" solution for a less formal organization that tried to
> minimize "touch points" for portal configuration. The "Constraints"
> solution is far more popular and is slightly more powerful capability
> wise.
>
> HTH,
That helps a lot, but now I have more questions :-)
I've been assuming that only the "Permissions" solution existed :-)
and thought there must be some way that I hadn't found yet to get the
psml based permission descriptions into the rdbms based policy. How
wrong is this view :-) ? Do the psml-file based security only work
with "Constraints" and the rdbms based stuff only work with
"Permissions"?
Also, could you explain what the "Constraints" can do that the
"Permissions" can't?
Many thanks!
david jencks
>
> Randy
>
> On Mon, 2006-01-16 at 13:03 -0800, David Jencks wrote:
>> It looks to me as if there are two security systems, one based on
>> "SecurityContraints" and the other on various jetspeed defined
>> Permissions: I think you can enable or disable these in Spring
>> configurations. They look to me from a short glance to do much the
>> same things.
>>
>> Could someone explain why and if there are any plans for instance to
>> eliminate one of them in the future? Why would I use one rather than
>> the other?
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
>> For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
> For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
Re: [J2] Why are there two parallel security systems?
Posted by Randy Watler <wa...@wispertel.net>.
David,
This is indeed the case for the PageManager component. The "Permissions"
based solution has been implemented to allow implementors that already
use the Java security architecture a compliant means to apply the same
to J2. The "Constraints" based solution allows the implementor to
specify security information in the PSML files. Generally speaking, the
"Permissions" solution was targeted for larger users and the
"Constraints" solution for a less formal organization that tried to
minimize "touch points" for portal configuration. The "Constraints"
solution is far more popular and is slightly more powerful capability
wise.
HTH,
Randy
On Mon, 2006-01-16 at 13:03 -0800, David Jencks wrote:
> It looks to me as if there are two security systems, one based on
> "SecurityContraints" and the other on various jetspeed defined
> Permissions: I think you can enable or disable these in Spring
> configurations. They look to me from a short glance to do much the
> same things.
>
> Could someone explain why and if there are any plans for instance to
> eliminate one of them in the future? Why would I use one rather than
> the other?
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
> For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org