my dog learned polymorphism
The moose likes Java in General and the fly likes Interoperability UNIX and Java Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Java in General
Bookmark "Interoperability UNIX and Java" Watch "Interoperability UNIX and Java" New topic

Interoperability UNIX and Java

vik nuckchady

Joined: Apr 25, 2001
Posts: 25
I am trying to build an intranet using J2EE. However i was thinking of leavig the access control management to UNIX since it has a strong track record in terms of security. The idea is to let UNIX decide whether a user belonging to some group can have access to the document (object in question).
This idea derives from the possiblity of making system calls as in a CGI approach. i know this defeats some very important rules laid down by Sun.
i would really appreciate any criticism or ideas of how to go about.
Thanks in advance.
Regards Vik
Rob Acraman
Ranch Hand

Joined: Dec 03, 2000
Posts: 89
Interesting project. I'm no great expert, but I'll throw my 2-cents in for what it's worth
Offhand, I reckon you wouldn't be able to use Unix security.
Picture this: Your users are on their PCs hitting your intranet through their web-browsers. What's happening at the server end? Answer: the client's requests are being handled by your web-server.
And that's the problem. Your WebServer is a single process, with its own user-id and protection. Unix security never sees the "remote" user-id, and it doesn't have the faintest idea which user the web-server is servicing at the moment.
In fact, of course, the WebServer could very well be servicing a user that doesn't even have a logon id on the unix box (just like you don't have a logon id at the machine that's hosting JavaRanch).
The closest you can get to it is that you can get the WebServer to prompt for a login against one of its own user-ids, and that enables users to access various directories protect by the ".htaccess" files. Of course, ".htaccess" is a filename coded into the WebServers, not Unix.
I agree. Here's the link:
subject: Interoperability UNIX and Java
It's not a secret anymore!