axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Opler <chrisop...@free.fr>
Subject Re: cvs commit: xml-axis/java/src/org/apache/axis/security Authen ticatedUser.java SecurityProvider.java
Date Wed, 01 Aug 2001 19:04:03 GMT
You might want to check out the jaas implementation for jboss -- might give a
good sense of how easy/hard jaas would be to use with axis as well as provide
some sample code.

Regards,

Chris Opler

Glen Daniels wrote:

> I took a look at JAAS last night.
>
> My quick impression is that it's fairly complex, and involves permissions
> and policy files and signed code.  Redux: I think we should go there
> eventually (probably with tooling around it to make it easier to use), but
> in the 3.0 timeframe, doing something much simpler is a better plan.  Also,
> if people want to build adapters from our simple security interfaces to
> systems like JAAS, they are welcome to.
>
> I will also ask our security guys today whether my impressions re: JAAS are
> accurate, and what they recommend.
>
> Thoughts / comments?
>
> --G
>
> ----- Original Message -----
> From: "Sam Ruby" <rubys@us.ibm.com>
> To: <axis-dev@xml.apache.org>
> Sent: Tuesday, July 31, 2001 12:45 PM
> Subject: RE: cvs commit: xml-axis/java/src/org/apache/axis/security Authen
> ticatedUser.java SecurityProvider.java
>
> > Dirk-Willem van Gulik wrote:
> > >
> > > This is a very nice patch. I think eventually we need to go a lot more
> > > fine grained. Let me check with the home office to see if I can grab
> this
> > > ball for a bit. Esp. when it comes to web sercurity.
> >
> > Before reinventing, we should investigate existing standards.  For
> example:
> > JAAS.  If we look at it and decide that it is not appropriate, I'm OK with
> > that, but otherwise I see no value in simply reinventing for reinventing
> > sake.
> >
> > - Sam Ruby
> >


Mime
View raw message