Dear Wiki user, You have subscribed to a wiki page or wiki category on "Clerezza Wiki" for change notification.
The "Security management in Clerezza" page has been changed by FlorentAndre: http://wiki.apache.org/clerezza/Security%20management%20in%20Clerezza New page: == Introduction == * Security in Clerezza is done at two level : platform Bundles and Graph read/write access. * Security and permission are managed with JAAS * Authentication can be done with one of this method : * cookie * http basic auth * webID * Clerezza Security code reside in plateform.security.* bundles == How it's work == === Authentication === * AuthenticatingFilter : is the http endpoint * call all registered AuthenticationMethod and WeightedAuthenticationMethod implementations * call the authenticationService : that will use all registered authenticationChecker to validate the provided username and password. * call each authenticationChecker : the first one that authenticate the user is ok. * Implement WeightedAuthenticationMethod, allow you to add others authentication protocol to Clerezza (ex : oAuth, openId,...) * Implement authenticationChecker, allow you to connect your specific authentication tool (LDAP, database,...) === Authorization === * TBD == Resources == * JAAS : * http://docs.oracle.com/javase/1.5.0/docs/guide/security/jgss/tutorials/AcnAndAzn.html * http://docs.oracle.com/javase/1.4.2/docs/guide/security/jaas/tutorials/GeneralAcnAndAzn.html#RunAzn * http://www.jaasbook.com/ * Clerezza security * see thread with subject "Auth management in Clerezza" in https://mail-archives.apache.org/mod_mbox/incubator-clerezza-dev/201206.mbox/browser
