I finally got some time to update
Jetspeed security documentation. I still have a little bit of work to do, but I think this is a good beginning and it was badly lacking. Jetspeed 2 fully leverages JAAS for authentication (through the implementation of
javax.security.auth.spi.LoginModule) and authorization (through the implementation of a custom
java.security.Policy) and provides a flexible security framework with a set of coarse grained services for user management, role management, group management and permission management.
Jetspeed security SPI provides a pluggable authentication and authorization architecture. I found interesting some of the similarities with
Acegi as pointed out by Keith Gary Boyce on
Jetspeed user list.
For future releases, I am planning to investigate integration with
JACC and with
JSR 196. Additionally, Jetspeed provides some nice portlets that provide management features for the security framework.
No comments:
Post a Comment