[Pki-devel] 0001-Provide-Custom-PKI-JNDI-Realm.patch
John Magne
jmagne at redhat.com
Thu Mar 15 19:06:09 UTC 2012
Most of the ACLs support group membership as part of their constraints.
For this we make use of the inherited JNDI support to check to see if the user has the
given role/group membership. Also, the code calls the base class method for
authorization. Thus if the web.xml was configured with static roles and auth
constraints, those checks would be done as well.
----- Original Message -----
From: "Adam Young" <ayoung at redhat.com>
To: pki-devel at redhat.com
Sent: Wednesday, March 14, 2012 6:47:46 PM
Subject: Re: [Pki-devel] 0001-Provide-Custom-PKI-JNDI-Realm.patch
So while this is perfect for working with both PKI, and FreeIPA, for
most of the JNDI/LDAP world, authorization consists of membership in
groups. I believe that is how the original JNDI plugin works. When we
extract this into its own RPM, we should keep that in mind, and allow
the configuration to specify which way it is going to be used.
_______________________________________________
Pki-devel mailing list
Pki-devel at redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel