Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » Equinox » JAAS Authorization
JAAS Authorization [message #90829] Tue, 19 June 2007 20:32 Go to next message
Ali S is currently offline Ali SFriend
Messages: 7
Registered: July 2009
Junior Member
Hi

I have created a desktop like web app (Equinox[Jetty] + Echo). It has a
file browser and some other simple apps. To control access to files and
other resources I'm going to use JAAS authorization(azn). I have enabled
SecurityManager and an XML based policy authorization (permission are
granted to roles and roles associated to users in two XML file and
evaluated when user tries to access a resource like files).
Authentication(acn) is done without JAAS, but all request from users pass
a filter that does chain.doFilter as acned user.

The problem is that I don't know how to manage policies to let Equinox to
do their own job and I don't know whether Equinox knows what do as
privileged or not?

Any help/comment is appreciated and welcome.

Regards,
Ali

Report message to a moderator

Re: JAAS Authorization [message #90856 is a reply to message #90829] Wed, 20 June 2007 00:49 Go to previous message
Simon Kaegi is currently offline Simon KaegiFriend
Messages: 381
Registered: July 2009
Senior Member
Hi Ali,

Sounds interesting.
There's a JAAS discussion goin on the dev-list you might want to monitor.
Also, there's some early work gathering requirements here -
http://wiki.eclipse.org:80/index.php/Security:_Requirements
If you haven't already you might want to take a look at the Conditional
Permission Admin spec. There's some information there around dynamic policy
that might be useful as I don't think simple file based policy is workable
in an OSGi environmnet.

-Simon

"Ali Sakebi" <ali.sakebi@gmail.com> wrote in message
news:498b794d52bec113fea119915bdc2d38$1@www.eclipse.org...
> Hi
>
> I have created a desktop like web app (Equinox[Jetty] + Echo). It has a
> file browser and some other simple apps. To control access to files and
> other resources I'm going to use JAAS authorization(azn). I have enabled
> SecurityManager and an XML based policy authorization (permission are
> granted to roles and roles associated to users in two XML file and
> evaluated when user tries to access a resource like files).
> Authentication(acn) is done without JAAS, but all request from users pass
> a filter that does chain.doFilter as acned user.
> The problem is that I don't know how to manage policies to let Equinox to
> do their own job and I don't know whether Equinox knows what do as
> privileged or not?
>
> Any help/comment is appreciated and welcome.
>
> Regards,
> Ali
>
>

Report message to a moderator

Previous Topic:URLEncoded Directory Paths
Next Topic:URLClassLoader, RMI & Equinox
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Fri Apr 26 10:06:22 GMT 2024

Powered by FUDForum. Page generated in 0.03453 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top

Sign up to our Newsletter

A fresh new issue delivered monthly