Les Hazlewood wrote:
> I've given presentations on JSecurity and had many discussions in
> private, and I always ask my audience: "How many people have heard
> of JAAS?" Maybe 40-50% of the listeners affirm they have. Then I
> ask, "how many of you have used the JAAS API or its constructs
> (pe
On Sun, Jun 8, 2008 at 12:16 PM, Les Hazlewood <[EMAIL PROTECTED]> wrote:
> The reason it is not in place now and hasn't been in 3 years is that
> because the vast majority of our community - application and framework
> developers - could care less about JAAS - it is a cumbersome,
> difficult to u
In fact, JAAS was _the_ primary driving factor in what eventually
became JSecurity: I had to execute a number of security operations
for an application, and the only thing out there was JAAS. I found
myself drowning in their mish-mash of incomprehensible APIs and
obscure VM-level security constr
Just a clarification:
JSecurity can be used in any environment - web or not, container or
not. The reason why the Filter approach is best known is that it is
the easiest to set up - Filters allow an 'interceptor' mechanism that
is common to any web container. When not using a Filter, you must us
Full JAAS integration is desired for the 1.0 final release to support
those who actually implement containers. JSecurity is usable in all
containers today, both web and non-web today, just not via JAAS yet.
The reason it is not in place now and hasn't been in 3 years is that
because the vast majo
Frank W. Zammetti wrote:
> Noel J. Bergman wrote:
> > I also see that JSecurity web support relies on a return to
> > application-level security based on a filter, rather than rely on
container
> > management, which has evolved as a cornerstone of Java programming.
> > The reliance on a filter is
Noel J. Bergman wrote:
I also see that JSecurity web support relies on a return to
application-level security based on a filter, rather than rely on container
management, which has evolved as a cornerstone of Java programming. The
reliance on a filter is probably because JSecurity is not (yet?)
How does JSecurity relate to existing standards, e.g., JAAS, JACC,
WS-Security, etc.?
The only reference I found is a comment in the slide show saying "Simplify
or replace JAAS." Well JAAS is the Java standard in this space, and part of
the Java core, so are we proposing a replacement or suppleme
Day after day, acres of pixels are needlessly harvested because of the
shear hubris in the decision to name this list "general" and not
"gen".Our planet's oceans just cannot support this unbridled
consumption. Plus there's of all the megawatts expended just to even
render that extra "e
Hi Alan,
On Jun 3, 2008, at 11:18 AM, Alan D. Cabrera wrote:
Kinda long, IMO.
If users had to type the alias, I'd agree that it's kinda long. But
when do you type email aliases any more?
Regards,
Craig
Regards,
Alan
On Jun 2, 2008, at 9:01 AM, Craig L Russell wrote:
One more nit c
Kinda long, IMO.
Regards,
Alan
On Jun 2, 2008, at 9:01 AM, Craig L Russell wrote:
One more nit comment on the proposal.
The mailing lists proposed are prefixed with jsec, but the project
name and mailing lists on codehaus.org are "jsecurity".
Shouldn't the aliases in Apache be jsecurity-
I usually like shorter "code names" for JIRA b/c it is easier to
type. For example, when looking up a specific issue number using
search or including in SVN comments during commit.
+1 for JSEC in JIRA
(although jsecurity makes sense for mailing lists)
On Jun 2, 2008, at 12:29 PM, Les Hazl
Les Hazlewood wrote:
I prefer JSEC for Jira just because that is what we use now. It has grown
on me ;)
If any sub projects come , then JSECSUBA, JSECSUBB, JSECSUBC, etc feel a
little more digestible (at least in length) than JSECURITY-SUBA, etc.
Yep. We have the same on Directory : DIRSERV
Makes sense to me Les.
Alex
On Mon, Jun 2, 2008 at 12:29 PM, Les Hazlewood <[EMAIL PROTECTED]> wrote:
> I prefer JSEC for Jira just because that is what we use now. It has grown
> on me ;)
>
> If any sub projects come , then JSECSUBA, JSECSUBB, JSECSUBC, etc feel a
> little more digestible (at
I prefer JSEC for Jira just because that is what we use now. It has grown
on me ;)
If any sub projects come , then JSECSUBA, JSECSUBB, JSECSUBC, etc feel a
little more digestible (at least in length) than JSECURITY-SUBA, etc.
Just my .02
On Mon, Jun 2, 2008 at 12:16 PM, Emmanuel Lecharny <[EMAI
Les Hazlewood wrote:
Sure, that sounds good to me. I'll update the proposal...
Then maybe JSECURITY for Jira too might be good. Not sure... Depends if
we will have many sub-projects, which might be a good idea, regarding
the various funtionalities.
wdyt ?
--
--
cordialement, regards,
E
Sure, that sounds good to me. I'll update the proposal...
On Mon, Jun 2, 2008 at 12:01 PM, Craig L Russell <[EMAIL PROTECTED]>
wrote:
> One more nit comment on the proposal.
>
> The mailing lists proposed are prefixed with jsec, but the project name and
> mailing lists on codehaus.org are "jsecu
One more nit comment on the proposal.
The mailing lists proposed are prefixed with jsec, but the project
name and mailing lists on codehaus.org are "jsecurity".
Shouldn't the aliases in Apache be jsecurity-xxx?
Craig
On May 30, 2008, at 8:45 AM, Alan D. Cabrera wrote:
On May 29, 2008, at
Hi Alex,
I think the proposal is a good one and has good prospects for success.
No quarrel with anything you've said.
Craig
On Jun 1, 2008, at 12:29 PM, Alex Karasulu wrote:
On Sun, Jun 1, 2008 at 2:52 PM, Craig L Russell
<[EMAIL PROTECTED]>
wrote:
On Jun 1, 2008, at 10:53 AM, Alan D.
On Sun, Jun 1, 2008 at 2:52 PM, Craig L Russell <[EMAIL PROTECTED]>
wrote:
> On Jun 1, 2008, at 10:53 AM, Alan D. Cabrera wrote:
>
>>
>> On May 31, 2008, at 7:27 PM, Craig L Russell wrote:
>>
>> I've signed on to mentor this project.
>>>
>>
>> Great!
>>
>> Maybe there is a "fast track" through t
Hi Craig,
We're definitely happy to have you as a mentor. Thanks for joining in!
Have you joined the developer list? I have at least one question to ask you
thus far, but I don't want to hijack this thread.
Thanks!
Les
On Sun, Jun 1, 2008 at 2:52 PM, Craig L Russell <[EMAIL PROTECTED]>
wrote:
On Jun 1, 2008, at 10:53 AM, Alan D. Cabrera wrote:
On May 31, 2008, at 7:27 PM, Craig L Russell wrote:
I've signed on to mentor this project.
Great!
Maybe there is a "fast track" through the incubator, and this is a
good project to try it out. Can JSecurity get graduated in six
months?
On May 31, 2008, at 7:27 PM, Craig L Russell wrote:
I've signed on to mentor this project.
Great!
Maybe there is a "fast track" through the incubator, and this is a
good project to try it out. Can JSecurity get graduated in six months?
IIUC, all incubator projects are on the "fast track"
On Sat, May 31, 2008 at 7:27 PM, Craig L Russell <[EMAIL PROTECTED]> wrote:
> IMHO, the decision on build tools belongs to the community.
>
> I've signed on to mentor this project.
>
> Maybe there is a "fast track" through the incubator, and this is a good
> project to try it out. Can JSecurity get
IMHO, the decision on build tools belongs to the community.
I've signed on to mentor this project.
Maybe there is a "fast track" through the incubator, and this is a
good project to try it out. Can JSecurity get graduated in six months?
Craig
On May 30, 2008, at 9:08 AM, Jeremy Haile wrote:
Ant+Ivy vs Maven =)
On May 30, 2008, at 12:06 PM, James Carman wrote:
On Fri, May 30, 2008 at 12:03 PM, Emmanuel Lecharny
<[EMAIL PROTECTED]> wrote:
Maven vs Ant vs Buildr ?
Who uses Ant or Buildr? ;)
-
To unsubscribe, e-
On Fri, May 30, 2008 at 12:03 PM, Emmanuel Lecharny
<[EMAIL PROTECTED]> wrote:
> Maven vs Ant vs Buildr ?
Who uses Ant or Buildr? ;)
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
James Carman wrote:
On Fri, May 30, 2008 at 8:27 AM, Alex Karasulu <[EMAIL PROTECTED]> wrote:
There's no uniqueness requirement AFAIK. Any kind of project can be
proposed even if there already exist multiple implementations of a similar
technology here at the ASF and abroad.
Perhaps
Alan D. Cabrera wrote:
On May 30, 2008, at 5:27 AM, Alex Karasulu wrote:
On Fri, May 30, 2008 at 8:04 AM, James Carman
<[EMAIL PROTECTED]>
wrote:
Isn't there something that states that an incubating project needs to
be novel or provide something that's not already provided by another
librar
On Fri, May 30, 2008 at 11:47 AM, James Carman <[EMAIL PROTECTED]>
wrote
> On Fri, May 30, 2008 at 8:27 AM, Alex Karasulu <[EMAIL PROTECTED]>
> wrote:
>
> > There's no uniqueness requirement AFAIK. Any kind of project can be
> > proposed even if there already exist multiple implementations of a
>
On Fri, May 30, 2008 at 8:27 AM, Alex Karasulu <[EMAIL PROTECTED]> wrote:
> There's no uniqueness requirement AFAIK. Any kind of project can be
> proposed even if there already exist multiple implementations of a similar
> technology here at the ASF and abroad.
>
Perhaps the uniqueness/novel res
On May 29, 2008, at 11:32 PM, Bertrand Delacretaz wrote:
Hi,
On Wed, May 28, 2008 at 11:19 PM, Alan D. Cabrera <[EMAIL PROTECTED]
> wrote:
...http://wiki.apache.org/incubator/JSecurityProposal...
Looks good to me, IMHO this is ready for a vote.
Thanks. I'll let the weekend crowd peruse
On May 30, 2008, at 5:27 AM, Alex Karasulu wrote:
On Fri, May 30, 2008 at 8:04 AM, James Carman <[EMAIL PROTECTED]
>
wrote:
Isn't there something that states that an incubating project needs to
be novel or provide something that's not already provided by another
library (with an open-source
I like this idea! We have an application that has a Swing client and
we talk to the server via Spring remoting. This shared session idea
sounds intriguing. I might have to look into switching to JSecurity!
:)
If you're interested in the Swing-web session interaction check out
our Spring sam
If you're curious, the two classes end-users use the most are the
Subject (http://www.jsecurity.org/api/org/jsecurity/subject/Subject.html),
and the Session
(http://www.jsecurity.org/api/org/jsecurity/session/Session.html) -
acquired via subject.getSession();
Cheers,
Les
On Fri, May 30, 2008 at
The other thing about JSecurity's enterprise session support is that
it in many cases serves as a native basic Single Sign-On solution.
For example, the most common scenario that typically occurs is the
following (there are several current production environments that work
like this):
A session is
On Fri, May 30, 2008 at 8:31 AM, Jeremy Haile <[EMAIL PROTECTED]> wrote:
> Another differentiator is that JSecurity provides a session framework
> that is not limited to being shared across just web-based applications.
> We have users that share sessions across multiple environments, such as
> Swi
The fact that JSecurity is container-agnostic is certainly a
differentiator. JSecurity aims to support security in any environment.
In fact, we have several users that are using JSecurity in non-web
environments, such as pure-service layers or even Swing applications.
JSecurity also aims to gr
On Fri, May 30, 2008 at 8:04 AM, James Carman <[EMAIL PROTECTED]>
wrote:
> Isn't there something that states that an incubating project needs to
> be novel or provide something that's not already provided by another
> library (with an open-source license)? I have looked at the JSecurity
> proposa
Isn't there something that states that an incubating project needs to
be novel or provide something that's not already provided by another
library (with an open-source license)? I have looked at the JSecurity
proposal only briefly, but it seems to me that most of what it aims to
provide is already
Hi,
On Wed, May 28, 2008 at 11:19 PM, Alan D. Cabrera <[EMAIL PROTECTED]> wrote:
> ...http://wiki.apache.org/incubator/JSecurityProposal...
Looks good to me, IMHO this is ready for a vote.
-Bertrand
-
To unsubscribe, e-mail: [EM
41 matches
Mail list logo
