[forge-issues] [JBoss JIRA] (FORGE-821) Plugin to secure application

Vineet Reynolds (JIRA) jira-events at lists.jboss.org
Tue Apr 16 16:50:53 EDT 2013 

    [ https://issues.jboss.org/browse/FORGE-821?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12767800#comment-12767800 ] 

Vineet Reynolds commented on FORGE-821:
---------------------------------------

This is primarily a Java EE plugin. Salient notes from the discussion on #forge:

* The plugin should enable Java EE's default security mechanism.
* Providers or other plugins would enable the mechanisms for other security frameworks. 

Example use cases would involve:

* {{$ realm setup-groups foo bar}}, or {{$ realm setup-users foo bar}}, {{$ realm setup-roles foo bar}} etc. to setup a security realm
* {{$ cas with-roles foo bar on com.acme.services.ExampleService.service}}
* {{$ web-constraint on /xyz/* for foo bar}}

Note - the above use cases need not be adhered to, in this plugin or in the others. They're a general suggestion.

I'd prefer that a {{ScaffoldProvider}} not apply/generate security constraints on the generated scaffold, until it is known that the provider should do so. That is, unless the {{ScaffoldProvider}} is aware that a certain part of the generated scaffold should be protected, it shouldn't do so by default. For example, if a generated scaffold contains a login page and also have role-based-security, then the scaffold provider may generated appropriate security constraints.
                
> Plugin to secure application
> ----------------------------
>
>                 Key: FORGE-821
>                 URL: https://issues.jboss.org/browse/FORGE-821
>             Project: Forge
>          Issue Type: Feature Request
>          Components: Builtin Plugins, Java EE APIs
>    Affects Versions: 1.2.2.Final
>            Reporter: George Gastaldi
>              Labels: starter
>             Fix For: 1.2.4.Final
>
>
> The plugin should primarily: 
> - Add a <security-constraint> entry to the web.xml file.
> - Introduce a SecurityFacet for interoperability with other plugins
> - The ScaffoldPlugin could create entries for the login and login-error pages if the SecurityFacet is enabled in the current project

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the forge-issues mailing list