• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Tim Cooke
  • Devaka Cooray
Sheriffs:
  • Liutauras Vilda
  • paul wheaton
  • Rob Spoor
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Piet Souris
  • Mikalai Zaikin
Bartenders:
  • Carey Brown
  • Roland Mueller

Access Control List, ACL's, Websphere

 
Ranch Hand
Posts: 427
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I am building a web application for Websphere 4.0.x
I need a general purpose Access Control List (ACL) solution.
Does IBM provide an ACL API?
Does Webpshere have an ACL API?
Do you use ACL's? What API do you use?
---
Access Control Lists (ACL)
ACL API's, ACL implementations
http://jakarta.apache.org/turbine/fulcrum/apidocs/org/apache/fulcrum/security/entity/package-summary.html
http://jakarta.apache.org/turbine/fulcrum/apidocs/org/apache/fulcrum/security/util/package-summary.html
http://www.opensymphony.com/osuser/
http://www.opensymphony.com/osaccess/
Access control list package: java.security.acl
Classes:
javax.security.auth.Subject
java.security.Principal
java.security.acl.Owner
java.security.acl.Acl
java.security.acl.AclEntry
java.security.acl.Group

BEA WebLogic Server:
http://edocs.bea.com/wls/docs81/secmanage/index.html
BEA writes {{ "In WebLogic Server 6.x, access control lists (ACLs) and permissions were used to protect WebLogic resources. In this release of WebLogic Server, security policies replace ACLs and permissions. Security policies answer the question "who has access" to a WebLogic resource. A security policy is created when you define an association between a WebLogic resource and a user, group, or security role. You can also optionally associate a time constraint with a security policy. A WebLogic resource has no protection until you assign it a security policy.
Creating security policies is a multi-step process with many options. To fully understand this process, read Securing WebLogic Resources. This document should be used in conjunction with Managing WebLogic Security to ensure security is completely configured for a WebLogic Server deployment. }}
 
Sean Sullivan
Ranch Hand
Posts: 427
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
My company uses the IBM Websphere Application Server.
Based upon what I've read at ibm.com, IBM recommends using
a product called "IBM Tivoli Access Manager for e-business"
This product handles authentication and authorization requests.
The product seems to integrate with Websphere and uses Java 2's
security "Permission" classes and JAAS.
I'm not sure if we want to use Tivoli Access Manager. What are some other alternatives?
 
Watchya got in that poodle gun? Anything for me? Or this tiny ad?
We need your help - Coderanch server fundraiser
https://coderanch.com/wiki/782867/Coderanch-server-fundraiser
reply
    Bookmark Topic Watch Topic
  • New Topic