[jboss-as7-dev] On security context and propagation
Bill Burke
bburke at redhat.com
Fri Mar 1 14:10:23 EST 2013
On 3/1/2013 6:22 AM, Darran Lofthouse wrote:
> So for entry to the server making use of HTTP and SASL based
> authentication backed by an IDM instead of JAAS and then converting the
> loaded identity into a Subject does sound good.
>
> One point to keep in mind that is different from the JAAS population of
> Subjects however is that the IDM approach is not currently expecting to
> load roles pro-actively for an identity, instead it is expecting to
> respond to isCallerInRole type checks as and when role checks are
> required. Applications however do have a finite set of roles used so
> there are options here.
>
Not sure what you're saying here, but the IDM API needs to be able to do
more than isCallerInRole(). See my previous examples.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com