Right, I think there is a real need to support UserAdmin, but given both JAAS and UserAdmin will be used for the same thing, it should be easy to support both using a simple interface:
public interface WebConsoleSecurityProvider { /** Check if the user with the specified password exists and return an object identifying the user, else throw an exception */ public Object authenticate(String username, String password) throws SecurityException; /** Check that the authenticated user has the given role permission or throw an exception */ public void authorize(Object user, String role) throws SecurityException; } Imho, this should be sufficient to provide authentication and authorization for the web console and can be easily implemented using UserAdmin or JAAS. On Wed, May 27, 2009 at 10:24, Felix Meschberger <fmesc...@gmail.com> wrote: > Hi, > > I would also prefer UserAdmin over JAAS, since this would allow for > other implementations of that service to provide access control. > > For example Carsten and I have once been discussing implementing > UserAdmin on top of a JCR Repository (e.g. Jackrabbit) to leverage > existing user setups. > > Regards > Felix > > Guillaume Nodet schrieb: >> I need to read a bit more about UserAdmin. >> I think it should be possible to have a JAAS LoginModule delegating to >> UserAdmin. >> >> However, for the console, it may be quite easy to come up with a very >> simple interface that would delegate to either JAAS or UserAdmin. The >> OSGi EEG is working on a spec for integrating JAAS into OSGi, so I >> think it makes sense to be able to support both. >> >> On Wed, May 27, 2009 at 09:08, Carsten Ziegeler <cziege...@apache.org> wrote: >>> Marcel Offermans wrote: >>>> On May 27, 2009, at 8:53 , Gert Vanthienen wrote: >>>> >>>>> For securing the web console, >>>>> wouldn't it make sense to integrate that with Karaf's JAAS support, so >>>>> we can plug in other providers afterwards (e.g. things like LDAP)? >>>> Should we not use the UserAdmin compendium service for that? To be >>>> honest, I'm not familiar with Karaf's JAAS support, is that build as an >>>> implementation of UserAdmin? >>>> >>> Yes, I think we should go with UserAdmin, too. >>> >>> Carsten >>> >>> -- >>> Carsten Ziegeler >>> cziege...@apache.org >>> >> >> >> > -- Cheers, Guillaume Nodet ------------------------ Blog: http://gnodet.blogspot.com/ ------------------------ Open Source SOA http://fusesource.com