I plan on doing an extension of JBossSX + JCA based on applicable standards to provide a uniform security service for all JBoss services.
----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, October 21, 2001 12:29 PM Subject: Re: [JBoss-dev] User API; was Tomcat security/LdapLoginModule > At a first architectual level, this would mean that to be able to > autenticate as the the current user, each such system must have added a > LoginModule to the auth chain for that particular security domain, and > that the LoginModule works in cooperation with the API/adapter giving > access to the resource data, probably by using some sort of > encryption/ticket granting mechanism internally known only the the parts > handling the resource. > > This could probably be made pretty generic for JCA stuff (JBoss would > have to handle both the LoginModule and the encrytion/decryption of > credentials. For LDAP it would not be that hard either, I think. > > Or is it better to wait for SUN to make a stand on this things (and they > will eventually!)? Should we only implement stuff that is standardized > for the container? > > Well, just my 2c. > > //Peter > _______________________________________________ Jboss-development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development