Turbine is an an other project but not yet finished.
It will help developers not to work out with some kind of
security stuff but not finished yet.
Look at www.apache.org
>From: Manisha Menon <[EMAIL PROTECTED]>
>Reply-To: "A mailing list for discussion about Sun Microsystem's Java
> Servlet API Technology." <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: Servlet Security Framework
>Date: Mon, 24 Jul 2000 12:25:27 -0700
>
>Hi all,
>
>Is there any security framework which is to be used in
>our web application for
>authentication and authorization services. Our
>application has got servlets,
>JSP and beans but no EJB. The security framework
>should be object-based and
>independent of the server.
>
>We have a framework which is almost similar to STRUTS
>framework from Apache
>by Craig. I suppose STRUTS as well as most of the
>framework available does not
>talk about security. Please correct me if I am wrong.
>
>Though the question is slighlty off-topic, I believe
>this forum is more
>knowledgeable and can throw more light. Also please
>note that this security
>framework has to be implemented using servlets and
>JSPs. So, only **you** can
>help.
>
>As such, we have decided to go for form-based
>authentication. For authorization,
>we are not sure how to go about.
>
>The basic requirements for user authorizations are :
>
>**Users** are to be authorized based on their
>**Permissions** granted to them
>through **Policy** file.
>
>There will be **Group** of users, who almost share the
>same characteristics. Of
>course, there will be **User policy** and **Group
>policy**. If **Permission** is
>granted to the **Group**, it is also to every **User**
>of the **Group**. Apart from
>that **Users** can enjoy special privileges, which are
>granted to them in their
>respective **User Policy**. It has to throw
>**exceptions** if any **user** is trying
>to access a **resource**, to which he has no
>**permissions**. So, the authorization has
>to be **resource level** and also at **function
>level** like add Item, Update Item,
>Delete Item.
>
>I am sorry if the requirements are vague.
>
>I will appreciate, if someone can provide me more
>information on the same lines or even
>on similar lines. Even Suitable pointers can be shown,
>are highly welcome.
>
>Thank you so much,
>
>Manisha
>
>
>
>__________________________________________________
>Do You Yahoo!?
>Get Yahoo! Mail � Free email you can access from anywhere!
>http://mail.yahoo.com/
>
>___________________________________________________________________________
>To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
>of the message "signoff SERVLET-INTEREST".
>
>Archives: http://archives.java.sun.com/archives/servlet-interest.html
>Resources: http://java.sun.com/products/servlet/external-resources.html
>LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
