jQuery in Action, 3rd edition
The moose likes Portals and Portlets and the fly likes Recommended Security Architecture Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Portals and Portlets
Bookmark "Recommended Security Architecture" Watch "Recommended Security Architecture" New topic

Recommended Security Architecture

anyz mick

Joined: Aug 09, 2004
Posts: 15
I am assigned a task to work on Portal based upon Portlet 2.0 that will be deployed on Tomcat using Jetspeed 2.2.1. However in future this must be deployable on other portlet servers like IBM WebSphere. In first step I have to work out the possible security model for the application. Major requirements for security:
- Based on some standard
- Easily portable to Websphere or other server
- Two step security model in which authentication is done on cooperate network (LDAP or domain controller for example) than authorizations will be controlled by portlet server

So security must not dependent or tightly coupled with Jetspeed specific features. My initial understanding user must exists in portlet server (Jetspeed on this case) to control the authorization stuff(who can access and what can do). What could be best way these server independent so that these can be ported easily to other servers. Or for each server we have to re-create user/groups/roles using sort of admin interface that server provides.

Thanks for time.
I agree. Here's the link: http://aspose.com/file-tools
subject: Recommended Security Architecture
It's not a secret anymore!