Win a copy of Re-engineering Legacy Software this week in the Refactoring forum
or Docker in Action in the Cloud/Virtualization forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Interoperability UNIX and Java

 
vik nuckchady
Greenhorn
Posts: 25
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi
I am trying to build an intranet using J2EE. However i was thinking of leavig the access control management to UNIX since it has a strong track record in terms of security. The idea is to let UNIX decide whether a user belonging to some group can have access to the document (object in question).
This idea derives from the possiblity of making system calls as in a CGI approach. i know this defeats some very important rules laid down by Sun.
i would really appreciate any criticism or ideas of how to go about.
Thanks in advance.
Regards Vik
 
Rob Acraman
Ranch Hand
Posts: 89
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Interesting project. I'm no great expert, but I'll throw my 2-cents in for what it's worth
Offhand, I reckon you wouldn't be able to use Unix security.
Picture this: Your users are on their PCs hitting your intranet through their web-browsers. What's happening at the server end? Answer: the client's requests are being handled by your web-server.
And that's the problem. Your WebServer is a single process, with its own user-id and protection. Unix security never sees the "remote" user-id, and it doesn't have the faintest idea which user the web-server is servicing at the moment.
In fact, of course, the WebServer could very well be servicing a user that doesn't even have a logon id on the unix box (just like you don't have a logon id at the machine that's hosting JavaRanch).
The closest you can get to it is that you can get the WebServer to prompt for a login against one of its own user-ids, and that enables users to access various directories protect by the ".htaccess" files. Of course, ".htaccess" is a filename coded into the WebServers, not Unix.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic