Hi!
As earlier announced, a security framework is under developement. Now,
first results are available in a cvs branch called 'security_branch'.
It contains:
-- 3 new interfaces which must implemented in a
security plugin:
- I_SecurityManager
- I_SessionSecurityContext
- I_SubjectSecurityContext
location: org.xmlBlaster.authenticate.
-- a loader for security plugins:
org.xmlBlaster.util.PluginLoader
-- the new methods init and disconnect which
replace login and logout (AuthServer)
-- calls to check the rights, en-/decrypt
messages, sign/verify signatures ...
-- a dummy plugin which is used as default.
It has the same behavior as a usual xmlBlaster
without security extensions.
-- init and disconnect extensions in the CORBA
and RMI protocol handler
(XML-RPC, etc. are untouched. Thus, they don't
support init/disconnect up to now!)
An a2Blaster-plugin is also available, but not included, because it
presumes a2Blaster classes ...
Documentation (for administration and plugin developement), tests for
the test-suite, demos ... are in progress an will follow soon.
At this stage, I'm very interested in YOUR experiences regarding
compatiblity!!!!
This version *should* work without any changes, neither in sources nor
in the configuration.
I rely on YOUR feedback, to put everything right and merge this with the
main branch as soon as possible!!!
Sure, I'm interested in opinions and further experiences, too. But I
think, it's better to ask for it when documentation etc. is available
...
I'm waiting for your reports ... :)
Best regards,
Wolfgang Kleinertz