On Jan 12, 2006, at 2:25 PM, Emmanuel Venisse wrote:
David Blevins a écrit :
On Jan 11, 2006, at 10:13 AM, Emmanuel Venisse wrote:
Hi,
In 1.1, we have decided to rework all security features.
I tried to use osuser but this framework is crappy :
[...]
I looked at seraph too. This project seems to be interesting,
it's used by confluence and jira. It seems we have all we need
in it but it require to be used in a web app environment, so i
think we can't use it if we want to use security framework in a
standalone app in future.
Interesting, if you look at the dependencies for seraph, it's
clearly using osuser.
- http://opensource.atlassian.com/seraph/dependencies.html
osuser is use only for the DefaultAuthenticator, if you don't use
it, you don't need osuser.
Wonder if "writing our own" option couldn't mean writing our own
wrapper for osuser.
not exactly. osuser would can be supported by a provider of our
own. But if we decide to write it, it must be extensible with
providers like other framework(osuser, seraph...) and ldap, jaas...
I can't believe i forgot about this.
http://jpam.sourceforge.net/documentation/
Then we could do real security and not java-toy security only usable
by continuum.
I've got a shared LDAP directory up on ci.gbuild.org right now which
we use instead of /etc/passwd files for logging into the various
gbuild machines. There is a j2eetck group that we put people in if
they are allowed to see tck related stuff. Would be excellent if we
could use that exact setup in continuum to lock off certain projects
to only be visible to that or other groups. I've had to setup cron
jobs to build the various things that are tck private -- made an
attempt to put up a non-public continuum install for that, but it was
too much of a pain.
-David
Emmanuel
