Right, I think there is a real need to support UserAdmin, but given
both JAAS and UserAdmin will be used for the same thing, it should be
easy to support both using a simple interface:

   public interface WebConsoleSecurityProvider {
      /** Check if the user with the specified password exists and return
          an object identifying the user, else throw an exception */
      public Object authenticate(String username, String password)
            throws SecurityException;
      /** Check that the authenticated user has the given role permission
          or throw an exception */
      public void authorize(Object user, String role) throws SecurityException;
   }

Imho, this should be sufficient to provide authentication and
authorization for the web console and can be easily implemented using
UserAdmin or JAAS.

On Wed, May 27, 2009 at 10:24, Felix Meschberger <fmesc...@gmail.com> wrote:
> Hi,
>
> I would also prefer UserAdmin over JAAS, since this would allow for
> other implementations of that service to provide access control.
>
> For example Carsten and I have once been discussing implementing
> UserAdmin on top of a JCR Repository (e.g. Jackrabbit) to leverage
> existing user setups.
>
> Regards
> Felix
>
> Guillaume Nodet schrieb:
>> I need to read a bit more about UserAdmin.
>> I think it should be possible to have a JAAS LoginModule delegating to
>> UserAdmin.
>>
>> However, for the console, it may be quite easy to come up with a very
>> simple interface that would delegate to either JAAS or UserAdmin.  The
>> OSGi EEG is working on a spec for integrating JAAS into OSGi, so I
>> think it makes sense to be able to support both.
>>
>> On Wed, May 27, 2009 at 09:08, Carsten Ziegeler <cziege...@apache.org> wrote:
>>> Marcel Offermans wrote:
>>>> On May 27, 2009, at 8:53 , Gert Vanthienen wrote:
>>>>
>>>>> For securing the web console,
>>>>> wouldn't it make sense to integrate that with Karaf's JAAS support, so
>>>>> we can plug in other providers afterwards (e.g. things like LDAP)?
>>>> Should we not use the UserAdmin compendium service for that? To be
>>>> honest, I'm not familiar with Karaf's JAAS support, is that built as an
>>>> implementation of UserAdmin?
>>>>
>>> Yes, I think we should go with UserAdmin, too.
>>>
>>> Carsten
>>>
>>> --
>>> Carsten Ziegeler
>>> cziege...@apache.org
>>>
>>
>>
>>
>



-- 
Cheers,
Guillaume Nodet
------------------------
Blog: http://gnodet.blogspot.com/
------------------------
Open Source SOA
http://fusesource.com
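
A JAAS-backed implementation of the interface proposed in this message, added here as an illustration and not code from the thread or from the Felix or Karaf projects. The class name, the `realm` argument and the convention that a role is a principal whose name equals the role string are assumptions.

```java
import java.security.Principal;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

// The interface as proposed in the message above.
interface WebConsoleSecurityProvider {
    Object authenticate(String username, String password) throws SecurityException;
    void authorize(Object user, String role) throws SecurityException;
}

// Hypothetical provider: delegates the credential check to whatever JAAS
// LoginModules are configured under the given realm (application) name.
class JaasWebConsoleSecurityProvider implements WebConsoleSecurityProvider {
    private final String realm; // assumption: an entry in the JAAS login configuration
    JaasWebConsoleSecurityProvider(String realm) { this.realm = realm; }

    @Override
    public Object authenticate(String username, String password) {
        if (username == null || password == null) throw new SecurityException("Authentication failed");
        CallbackHandler handler = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(username);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(password.toCharArray());
                else throw new UnsupportedCallbackException(cb);
            }
        };
        try {
            LoginContext ctx = new LoginContext(realm, handler);
            ctx.login();
            return ctx.getSubject(); // opaque "user" object handed back to the console
        } catch (LoginException e) {
            // One message for unknown user and wrong password, so callers cannot tell them apart.
            throw new SecurityException("Authentication failed");
        }
    }

    @Override
    public void authorize(Object user, String role) {
        // Fail closed: reject anything that is not a Subject returned by authenticate().
        if (!(user instanceof Subject) || role == null) throw new SecurityException("Not authorized");
        // Assumption: roles are principals named after the role. A real deployment should also
        // check the principal's class, so a user named like a role does not pass this test.
        for (Principal p : ((Subject) user).getPrincipals()) {
            if (role.equals(p.getName())) return;
        }
        throw new SecurityException("Not authorized");
    }
}
```

A UserAdmin-backed provider would implement the same two methods, so the console code calling `authenticate` and `authorize` does not change with the backend.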
