Re:J2EE security? should be just Java 2 security on J2EE Security · Score: 1
Agreed about JAAS's absence, and I'll pass this book up for that specific reason. I can't think of any security implementation better poised to really benefit J2EE applications than JAAS. Yet its complexity and relative lack of documentation and tutorials involving the most common of scenarios is IMHO really holding it back. It isn't the fault of JAAS itself - granular security isn't child's play, but solid discussions about JAAS-based authentication and authorization implementations are few and far between.
Scott
Such adolescent tripe. If scientists were so innovative they'd figure out a way to feed their families without drawing paychecks from corporations and universities. Go fund a scientist for 5 years at $50,000/yr (oh, and remember to add health insurance, COBRA, SSI and office overhead to that outflow) and tell me you don't have any expectations on what they spend their time on. Hampered indeed.
Scott
Sigh - I've gotta get this off my chest - sorry that it's OT...
If the price they ask is for your safety and security, I bet you'll pay that too.
Sorry AC, I'm not impressed with Holland's recent track record of letting other countries be the security lightning rod of the world while you guys enjoy relative anonymity. Our soldiers over there are fully aware of what they're risking their lives (and sometimes dying) for, and it sure as heck isn't oil. I'd bet that Americans (I'm one of them) would be glad to pay $10 a gallon if it meant safety and security. But with Hussein and the likes receiving those payments, it funds oppression and the support of terrorism (or didn't you see the images of torture chambers in every town and a population afraid to speak). Hey, if you want to feel like you're doing the right thing for the world, get off your armchair and invent better fuel cells, photovoltaics, safer nuclear disposal technologies, or better yet a way to reconcile Islamic Fundamentalism with Western Socio-Capitalism. I'll be the first to hand a Nobel medal on your neck if you do.
Anyway, fuel is the cheapest part of flying general aviation aircraft. Of the $55/hr I spend on my club's Cessna 152, only $18 of that is fuel, while the other $37 goes to insurance, maintenance, bank payments and registration fees. Following your argument, the U.S. should be invading machine parts suppliers and insurance underwriters...
Scott
In theory, yes, but in practice you just throw cheap hardware at the problem and be done with it. The benefits of a comprehensive, scalable, cohesive yet decoupled Java architecture outweigh the incremental speed reduction. It's the same argument that poor old C++ had to go through when the MASM luddites came knocking at its doors, torches lit and well in hand... ;-)
No, no, no. Humor aside, XML was never supposed to behave as an access control system. It WAS intended to be a self-describing and self-validating way of encapsulating lots of different kinds of data. It's succeeded, is popular because of that fact, and XACML is an example of how you can even store entitlement logic in XML. Now, with XACML you can implement that same logic not only in Java but also C, C#, PHP, ASP, VB, Perl, and anything else you desire because the rules are stored in a language-independent and platform-independent format. THAT's the main benefit, and Sun should be given credit where credit is due.
alext, you're completely missing the point. Java users have been able to do this for quite some time now. Take a look at JAAS - it is an excellent solution if all you do is Java. But the purpose of describing the access control policies in something language-independent like XML is that, well, you can implement it in other languages without having to rewrite both the rules and the access control mechanism. This is darn good stuff actually, and lots of readers here are completely missing it. You and many others are blaming Sun for developing something that can be used for more than just Java! Incredulous...
> You shell out the money for it because you need it.
> If you need it, then it just has to work.
> If it has to work, you'll need support.
> If you need support, you'll need to be on a supported platform.
Excellent summary, I can tell you're an experienced admin, manager and/or developer.
When I have a need to use funky hardware/software combinations, I assess the risks as well as the benefits, and that includes political, maintenance and support considerations. I can't think of a situation where I work that FreeBSD and Oracle would pass that litmus test.
Anyway, I'm not so warm on Solaris 9.x on non-Sun Intel architectures. Sun's support for 8.x on Intel was meager at best, and hardly anything ran on it. We badly wanted to run Solaris on a Compaq Proliant that we had available, but because of the weak support and my company's disinterest in the political risks of Linux, we had to install, yes, Windows.
Avumede,
There is a LOT of merit in your suggestion - and I would have been taking you up on that one over the last 15 years had it been available on video before now. The release of Koyaanisqatsi on DVD is a truly fantastic thing.
As for your final comment, anyone who discounts this film as "environmentalist, or leftist in some way" simply doesn't know how to let go of their own cognitive investments long enough to accept new ways of looking at things. This film is modern art, and requires the same open mind to appreciate what it has to offer.
Scott
"Perhaps the Purpose of Humanity is to evenly radiate the planet's surface so that the egg can hatch..." - J.S., 1983.
Quick! Someone get funding to study the correlation between computing platforms and penis/breast sizes... I mean, that's where this stupid comparison is really going, isn't it? In 35 scant years of existence I've rarely encountered anyone really smart in one area who didn't pay for it with failings in another. It seems that nature maintains a certain balance that way.
Besides, following the same reasoning of this article, you could also say that 403b investors tend on a whole to be more educated than 401k participants. Well, duh!
True, I won't argue with you about the French. The U.S. did indeed save _France_ from occupation, largely due to the Normandy invasion (although the Brits were right there with us). Now France appears to be far more interested in maintaining their business relationships with the Middle East than in helping with America's sudden awareness of the threat of terrorism. I also think your "release valve" point has some truth. Either way, they're not in the same class as England as far as global citizenship is concerned.
America didn't win World War II, the combined forces did. Didn't learn that in history class? Neither did I, but the actual truth is that while Europe would probably have continued to fall to the Nazis over time without America's (significant) participation, don't discount the immense and critical efforts of Russia, England and the other Allied forces. The U.S. was isolationist until we got hit in Perl. The body blow woke us up not only to the Pacific, but to the European theater as well. No doubt the Russians suffered the most, and were it not for their ferocity and steadfastness, Hitler wouldn't have been so divided in his forces. America winning the World Wars indeed...
Very well said. Globalization in and of itself is simply a macro pattern. Smaller-scale examples include things like inter-personal interaction and cross-tribal socialization. Put a little more banal, globalization is many economies having sex with many other economies, the fruits of which are a synthesis of the players. Instead of eggs and sperm, it's currency, goods and services.
Now, deciding whether that's a good thing or not depends largely on whether you oppose such cross-breeding as policy (which depends on how you define economic "breeds" to begin with), whether you see the behaviors of the alpha mates (CEOs, corrupt governments, etc.) as telling of the pattern itself or if you choose to focus on the benefits of having lots of mates to f*ck or the detriment of having more competition to fight with. Does your personal/local/regional/corporal economy benefit from the hunt or does it suffer from it? Situational bias will determine your take.
Databases and LDAP are different technological approaches to different problems. Relational databases store flat relational information really well, but if you need hierarchical storage, then LDAP is probably a better way to go. That's why it is often used in enterprises rather than database engines to represent users and tiered attributes such as entitlements to different systems, etc. You are right that no perfect solution exists yet, but a lot of companies had great experiences with Novell's NDS (which is hierarchical and based on X.500 and is also what LDAP is based on) and they are moving towards LDAP as the core technology. This way, they can get their Netware, unix, mainframe and web apps to use the same data source for all their authentication and entitlements needs.
I agree that most open source projects end up being largely the work of one or two dedicated individuals, but that doesn't make the bazaar model a myth. In fact, there are plenty of examples on Sourceforge alone to bear that out.
I've been a part of (as well as have led) both OSS and commercial projects and it seems to depend largely on the people. The best thing you can do is work hard to find capable coders and do all you can to keep feeding what is driving them to your project.
Does this affect Telocity/DirectTV customers on Rhythms Flatlines · Score: 1
...who used to have Rhythms as their provider? Jeesh I hope not...:-/
Scott
I'm confused - how are graphics designers supposed to visually compose pages with XML? Still sounds to me like composing JSPs with Websphere Studio or similar is the better approach for the visual presentation part. Then use your favorite Java editor for the servlets containing application logic.
Because there's no such thing.
I work in a place that's responsible for software with complex business rules surrounding access control (authentication and authorization), written in ASP, Java, Perl, C#, and VB. So then what would YOUR solution be for me? To write separate access control mechanisms for each one in their own languages? Or scrap all of the existing code and pick one language? Or have them all connect externally to a "general-purpose language" and end up dumping all of the dissimilar access control rules into one container and struggle with how to consistently store and implement them?
Sun's done much of that with their new "language" (although I disagree with that description). XML is perfect for storing this kind of information because you have to be able to not only self-describe the access control rules, but also have the flexibility to define them in complex and embedded ways.
Looks like an interesting technology to me, and certainly a complement (if not extension) to JAAS, which is arguably the most popular public application development security schema around. Unfortunately, it describes its access control rules in Java, not the language-independent XML format in Sun's new technology.
Nah, he'll just wedge it into another article called "The Globalization of School LAN Parties"...