[ https://issues.apache.org/jira/browse/FELIX-1764?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12877173#action_12877173 ]

Guillaume Nodet commented on FELIX-1764:
----------------------------------------

My understanding is that SecurityException is mostly used by the Java security 
manager when a user executes a piece of Java code but does not have the 
required permissions. Application-level security such as JAAS usually uses the 
GeneralSecurityException. The javadoc for SecurityException says: "Thrown by 
the security manager to indicate a security violation."

However, I'd have no problem modifying the interface with something like:

{code}
public interface WebConsoleSecurityProvider {

    /**
     * Check if the user with the specified password exists and return an
     * object identifying the user, else null
     */
    public Object authenticate(String username, String password);

    /**
     * Check that the authenticated user has the given role permission
     */
    public boolean authorize(Object user, String role);

}
{code}

 

> Add support for pluggable access control
> ----------------------------------------
>
>                 Key: FELIX-1764
>                 URL: https://issues.apache.org/jira/browse/FELIX-1764
>             Project: Felix
>          Issue Type: New Feature
>          Components: Web Console
>    Affects Versions: webconsole-2.0.0
>            Reporter: Felix Meschberger
>            Assignee: Guillaume Nodet
>             Fix For: webconsole-3.0.2
>
>
> Currently the web console only supports HTTP BASIC authentication with its own 
> "user management". There is no way of supporting multiple users with varying 
> access rights.
> Some applications already have infrastructure to authenticate users and/or to 
> define access control, such as JAAS, OSGi User Admin or other ...
> Guillaume Nodet in [1] proposed a service interface to plug such access 
> control. The Web Console should be enhanced to support this service API and 
> fall back to the current setup if no service is available.
> [1] http://markmail.org/message/5gwqlt7b3gfz7427

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
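
One way a provider could implement the interface proposed in the comment above, added here as an example and not code from the commenter or the Felix project. The class name `InMemorySecurityProvider`, the `addUser` helper, the role string, the sample credentials and the PBKDF2 parameters are all assumptions. It shows `authenticate` returning null on any failure and `authorize` denying any user object the provider did not issue itself.

```java
import java.security.*;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical in-memory provider; class, user and role names are assumptions.
public class InMemorySecurityProvider implements WebConsoleSecurityProvider {
    // Private type: authorize() trusts only objects created by this provider.
    private static final class Account {
        final byte[] salt = new byte[16];
        final byte[] hash;
        final Set<String> roles;
        Account(String password, Collection<String> roles) {
            new SecureRandom().nextBytes(salt);
            this.hash = derive(password, salt);
            this.roles = Set.copyOf(roles);
        }
    }
    private final Map<String, Account> accounts = new HashMap<>();
    // Verified against for unknown users so both paths cost one key derivation.
    private final Account dummy = new Account("constructed-dummy", List.of());
    public void addUser(String name, String password, String... roles) {
        accounts.put(name, new Account(password, Arrays.asList(roles)));
    }
    private static byte[] derive(String password, byte[] salt) {
        try { // PBKDF2 parameters are illustrative, not taken from the issue
            PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 100_000, 256);
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } catch (GeneralSecurityException e) { throw new IllegalStateException(e); }
    }
    public Object authenticate(String username, String password) {
        if (username == null || password == null || password.isEmpty()) return null;
        Account a = accounts.getOrDefault(username, dummy);
        boolean ok = MessageDigest.isEqual(a.hash, derive(password, a.salt));
        return (ok && a != dummy) ? a : null; // null means "not authenticated"
    }
    public boolean authorize(Object user, String role) {
        // Fail closed: null, foreign objects and unknown roles are all denied.
        return role != null && user instanceof Account && ((Account) user).roles.contains(role);
    }
    public static void main(String[] args) {
        InMemorySecurityProvider p = new InMemorySecurityProvider();
        p.addUser("operator", "constructed-password", "bundles.read"); // constructed sample data
        Object u = p.authenticate("operator", "constructed-password");
        System.out.println(p.authorize(u, "bundles.read") + " " + p.authorize("operator", "bundles.read"));
    }
}
interface WebConsoleSecurityProvider { // as proposed in the comment above
    Object authenticate(String username, String password);
    boolean authorize(Object user, String role);
}
```

Because the proposed `authorize` takes a plain `Object`, the `instanceof` check against a private type is what stops a caller from passing a bare username string in place of an authenticated user.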
