Kewl, well I'm glad I'm not the only that see's the usefulness in a recursive solution. I always thought that using just rolenames, was just a hack to an obviously recursive problem.
Man, sounds like an awesome LoginModule I would sure like to see it. License (Apache, GPL, LGPL?). Do you have any comments on the SASL vs. GSSAPI debate? Edward --- Kevin Conner <[EMAIL PROTECTED]> wrote: > I hope you two don't mind me adding something to the > discussion, I hope it > is pertinent. > > I have a login module that does something similar to > what it being proposed > by Edward, > the recursive mapping of the role principals until > no more mapping can be > performed. > Associated with each of these roles are properties > that are used to fine > tune the > security or provide general user properties (the > user principal also has > associated > properties). > > I was asked to implement this because our clients > required a hierarchical > approach > to security; they wanted the ability to specify a > role in terms of other > roles. > > This has worked very well in our environment and our > customers heavily use > this capability, mapping the roles onto their own > organisational structure. > > IMHO the login module is the best place for this > mapping, for performance > reasons > if no other, and it would be easy to abstract the > recursive nature into a > base class. > I also agree, again IMHO, that the login module is > the best place because > the JAAS > framework delegates this responsibility to the login > module. > > Once again, I hope you don't mind this intrusion. > > Kev ===== Edward Flick Enterprise Applications Designer / Database Administrator / Web Administrator CDF, Inc. __________________________________ Do you Yahoo!? Exclusive Video Premiere - Britney Spears http://launch.yahoo.com/promos/britneyspears/
