Hi I am trying to build an intranet using J2EE. However i was thinking of leavig the access control management to UNIX since it has a strong track record in terms of security. The idea is to let UNIX decide whether a user belonging to some group can have access to the document (object in question). This idea derives from the possiblity of making system calls as in a CGI approach. i know this defeats some very important rules laid down by Sun. i would really appreciate any criticism or ideas of how to go about. Thanks in advance. Regards Vik
Interesting project. I'm no great expert, but I'll throw my 2-cents in for what it's worth Offhand, I reckon you wouldn't be able to use Unix security. Picture this: Your users are on their PCs hitting your intranet through their web-browsers. What's happening at the server end? Answer: the client's requests are being handled by your web-server. And that's the problem. Your WebServer is a single process, with its own user-id and protection. Unix security never sees the "remote" user-id, and it doesn't have the faintest idea which user the web-server is servicing at the moment. In fact, of course, the WebServer could very well be servicing a user that doesn't even have a logon id on the unix box (just like you don't have a logon id at the machine that's hosting JavaRanch). The closest you can get to it is that you can get the WebServer to prompt for a login against one of its own user-ids, and that enables users to access various directories protect by the ".htaccess" files. Of course, ".htaccess" is a filename coded into the WebServers, not Unix.