Hi,
since the last time I proposed to split Authentication/Authorization, we
have moved to JMX Listener as hooks and standardized on JMX, so I would
like to re-open the discussion on splitting the behaviour. Mainly, I would
like to move three Realm methods into an Authorizer interface and use the
current Valve mechanism as the first implementation. The Authorizer will
define:
    public boolean hasResourcePermission(HttpRequest, HttpResponse, SecurityConstraint);
    public boolean hasUserDataPermission(HttpRequest, HttpResponse, SecurityConstraint);
    public boolean hasRolePermission(HttpRequest, HttpResponse, SecurityConstraint, String role);
I would like to see a clear distinction between Authorization and
Authentication. That will also allow third party implementation of JSR
115 (and the upcoming JSP on Authentication) to be more easily
implemented in Tomcat.
The first implementation will be a re-factoring of the current code.
Once completed, we should talk about having a JSR 115 implementation
(requires by default the Security Manager) or something customized for
Tomcat using JAAS.
The other solution is to move the Authenticator and Realm concept into
coyote as a JMX listener and add the Authorizer logic there (will require a
CoyoteChain or something similar to StandardPipeline). It is a major
refactoring and I cannot sign on a major task like that (but I can help
if we decide it's the best decision). But I would favor a Valve for now
(the logic will be re-usable if we decide to move it into coyote).
That's what we call the two-phase commit :-)
Thoughts?
-- Jeanfrancois
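An added sketch of the split the mail proposes (an illustration written for this page, not code from Tomcat or from the thread): the three permission methods on an Authorizer interface, a Realm that only authenticates and answers role questions, and the Valve-style ordering in which the user-data (transport guarantee) check runs before any credentials are read. The SecurityConstraint, HttpRequest, HttpResponse and Realm types here are simplified stand-ins for the Catalina ones, and the sample user, password and roles are constructed.

```java
import java.security.Principal;
import java.util.Set;

// Stand-in for org.apache.catalina.deploy.SecurityConstraint (simplified, hypothetical).
final class SecurityConstraint {
    final boolean authConstraint;     // true when the web.xml entry has an <auth-constraint>
    final Set<String> authRoles;      // roles listed inside that <auth-constraint>
    final String transportGuarantee;  // "NONE", "INTEGRAL" or "CONFIDENTIAL"
    SecurityConstraint(boolean authConstraint, Set<String> authRoles, String transportGuarantee) {
        this.authConstraint = authConstraint;
        this.authRoles = authRoles;
        this.transportGuarantee = transportGuarantee;
    }
}

// Stand-ins for Catalina's HttpRequest / HttpResponse: only the fields the checks need.
final class HttpRequest {
    Principal principal;   // set by the Authenticator; null until authentication succeeds
    final boolean secure;  // true when the request arrived over SSL/TLS
    HttpRequest(boolean secure) { this.secure = secure; }
}
final class HttpResponse { int status = 200; }

// The interface proposed in the mail: the three permission methods moved out of Realm.
interface Authorizer {
    boolean hasUserDataPermission(HttpRequest req, HttpResponse resp, SecurityConstraint c);
    boolean hasResourcePermission(HttpRequest req, HttpResponse resp, SecurityConstraint c);
    boolean hasRolePermission(HttpRequest req, HttpResponse resp, SecurityConstraint c, String role);
}

// What is left of Realm in this sketch: it knows users and roles, not security constraints.
interface Realm {
    Principal authenticate(String user, String password);
    boolean hasRole(Principal p, String role);
}

final class SimplePrincipal implements Principal {
    private final String name;
    SimplePrincipal(String name) { this.name = name; }
    public String getName() { return name; }
}

// First implementation: the checks the Realm performs today, behind the Authorizer interface.
final class RealmBackedAuthorizer implements Authorizer {
    private final Realm realm;
    RealmBackedAuthorizer(Realm realm) { this.realm = realm; }

    public boolean hasUserDataPermission(HttpRequest req, HttpResponse resp, SecurityConstraint c) {
        // The transport guarantee does not depend on who the user is, so it runs before authentication.
        if ("NONE".equals(c.transportGuarantee) || req.secure) return true;
        resp.status = 403;  // a real Valve would redirect to the SSL port instead of failing outright
        return false;
    }

    public boolean hasResourcePermission(HttpRequest req, HttpResponse resp, SecurityConstraint c) {
        if (!c.authConstraint) return true;                                // no <auth-constraint>: open
        if (req.principal == null) { resp.status = 401; return false; }    // must authenticate first
        for (String role : c.authRoles) {
            if (hasRolePermission(req, resp, c, role)) return true;
        }
        resp.status = 403;  // authenticated, but an empty or non-matching role list denies access
        return false;
    }

    public boolean hasRolePermission(HttpRequest req, HttpResponse resp, SecurityConstraint c, String role) {
        return req.principal != null && realm.hasRole(req.principal, role);
    }
}

// The Valve ordering: user-data check, then authentication, then the resource check.
final class AuthorizationDemo {
    static boolean invoke(Realm realm, Authorizer authz, HttpRequest req, HttpResponse resp,
                          SecurityConstraint c, String user, String password) {
        if (!authz.hasUserDataPermission(req, resp, c)) return false;  // before credentials are read
        if (c.authConstraint) req.principal = realm.authenticate(user, password);
        return authz.hasResourcePermission(req, resp, c);
    }

    public static void main(String[] args) {
        // Constructed sample realm: one user "alice" with role "manager" and password "secret".
        Realm realm = new Realm() {
            public Principal authenticate(String u, String p) {
                return "alice".equals(u) && "secret".equals(p) ? new SimplePrincipal("alice") : null;
            }
            public boolean hasRole(Principal p, String role) {
                return "alice".equals(p.getName()) && "manager".equals(role);
            }
        };
        Authorizer authz = new RealmBackedAuthorizer(realm);
        SecurityConstraint c = new SecurityConstraint(true, Set.of("manager"), "CONFIDENTIAL");

        HttpResponse r1 = new HttpResponse();  // plaintext request: rejected before authentication
        System.out.println(invoke(realm, authz, new HttpRequest(false), r1, c, "alice", "secret") + " " + r1.status);
        HttpResponse r2 = new HttpResponse();  // TLS, wrong password: 401
        System.out.println(invoke(realm, authz, new HttpRequest(true), r2, c, "alice", "wrong") + " " + r2.status);
        HttpResponse r3 = new HttpResponse();  // TLS, correct password, matching role: allowed
        System.out.println(invoke(realm, authz, new HttpRequest(true), r3, c, "alice", "secret") + " " + r3.status);
    }
}
```

The point of the ordering in `invoke` is that the Authorizer can refuse a plaintext request against a CONFIDENTIAL constraint without the Realm ever seeing a password, which is why hasUserDataPermission belongs in the authorization half even though it runs first.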