[forge-issues] [JBoss JIRA] (FORGE-821) Plugin to secure application
Vineet Reynolds (JIRA)
jira-events at lists.jboss.org
Tue Apr 16 16:50:53 EDT 2013
[ https://issues.jboss.org/browse/FORGE-821?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12767800#comment-12767800 ]
Vineet Reynolds commented on FORGE-821:
---------------------------------------
This is primarily a Java EE plugin. Salient notes from the discussion on #forge:
* The plugin should enable Java EE's default security mechanism.
* Providers or other plugins would enable the mechanisms for other security frameworks.
Example use cases would involve:
* {{$ realm setup-groups foo bar}}, or {{$ realm setup-users foo bar}}, {{$ realm setup-roles foo bar}} etc. to setup a security realm
* {{$ cas with-roles foo bar on com.acme.services.ExampleService.service}}
* {{$ web-constraint on /xyz/* for foo bar}}
Note - the above use cases need not be adhered to, in this plugin or in the others. They're a general suggestion.
I'd prefer that a {{ScaffoldProvider}} not apply/generate security constraints on the generated scaffold, until it is known that the provider should do so. That is, unless the {{ScaffoldProvider}} is aware that a certain part of the generated scaffold should be protected, it shouldn't do so by default. For example, if a generated scaffold contains a login page and also have role-based-security, then the scaffold provider may generated appropriate security constraints.
> Plugin to secure application
> ----------------------------
>
> Key: FORGE-821
> URL: https://issues.jboss.org/browse/FORGE-821
> Project: Forge
> Issue Type: Feature Request
> Components: Builtin Plugins, Java EE APIs
> Affects Versions: 1.2.2.Final
> Reporter: George Gastaldi
> Labels: starter
> Fix For: 1.2.4.Final
>
>
> The plugin should primarily:
> - Add a <security-constraint> entry to the web.xml file.
> - Introduce a SecurityFacet for interoperability with other plugins
> - The ScaffoldPlugin could create entries for the login and login-error pages if the SecurityFacet is enabled in the current project
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the forge-issues
mailing list