• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
  • Mikalai Zaikin

Interoperability UNIX and Java

Posts: 25
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I am trying to build an intranet using J2EE. However i was thinking of leavig the access control management to UNIX since it has a strong track record in terms of security. The idea is to let UNIX decide whether a user belonging to some group can have access to the document (object in question).
This idea derives from the possiblity of making system calls as in a CGI approach. i know this defeats some very important rules laid down by Sun.
i would really appreciate any criticism or ideas of how to go about.
Thanks in advance.
Regards Vik
Ranch Hand
Posts: 89
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Interesting project. I'm no great expert, but I'll throw my 2-cents in for what it's worth
Offhand, I reckon you wouldn't be able to use Unix security.
Picture this: Your users are on their PCs hitting your intranet through their web-browsers. What's happening at the server end? Answer: the client's requests are being handled by your web-server.
And that's the problem. Your WebServer is a single process, with its own user-id and protection. Unix security never sees the "remote" user-id, and it doesn't have the faintest idea which user the web-server is servicing at the moment.
In fact, of course, the WebServer could very well be servicing a user that doesn't even have a logon id on the unix box (just like you don't have a logon id at the machine that's hosting JavaRanch).
The closest you can get to it is that you can get the WebServer to prompt for a login against one of its own user-ids, and that enables users to access various directories protect by the ".htaccess" files. Of course, ".htaccess" is a filename coded into the WebServers, not Unix.
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
    Bookmark Topic Watch Topic
  • New Topic