yes,
you can use LDAP authentication.
check url: http://www.byte.com/column/BYT20000105S0004
-----Original Message-----
From: Manisha Menon [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 24, 2000 12:24 PM
To: [EMAIL PROTECTED]
Subject: Security in Servlet framework.
Hi all,
Is there any security framework which is to be used in
our web application for
authentication and authorization services. Our
application has got servlets,
JSP and beans but no EJB. The security framework
should be object-based and
independent of the server.
We have a framework which is almost similar to STRUTS
framework from Apache
by Craig. I suppose STRUTS as well as most of the
framework available does not
talk about security. Please correct me if I am wrong.
Though the question is slighlty off-topic, I believe
this forum is more
knowledgeable and can throw more light. Also please
note that this security
framework has to be implemented using servlets and
JSPs. So, only **you** can
help.
As such, we have decided to go for form-based
authentication. For authorization,
we are not sure how to go about.
The basic requirements for user authorizations are :
**Users** are to be authorized based on their
**Permissions** granted to them
through **Policy** file.
There will be **Group** of users, who almost share the
same characteristics. Of
course, there will be **User policy** and **Group
policy**. If **Permission** is
granted to the **Group**, it is also to every **User**
of the **Group**. Apart from
that **Users** can enjoy special privileges, which are
granted to them in their
respective **User Policy**. It has to throw
**exceptions** if any **user** is trying
to access a **resource**, to which he has no
**permissions**. So, the authorization has
to be **resource level** and also at **function
level** like add Item, Update Item,
Delete Item.
I am sorry if the requirements are vague.
I will appreciate, if someone can provide me more
information on the same lines or even
on similar lines. Even Suitable pointers can be shown,
are highly welcome.
Thank you so much,
Manisha
__________________________________________________
Do You Yahoo!?
Get Yahoo! Mail - Free email you can access from anywhere!
http://mail.yahoo.com/
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
JSP-INTEREST".
Some relevant FAQs on JSP/Servlets can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
Some relevant FAQs on JSP/Servlets can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
