[jboss-dev-forums] [Security Development] New message: "Re: EJB3 security - Skip authorization for @PermiAll?"
ANIL SALDHANA
do-not-reply at jboss.com
Fri Mar 12 12:40:38 EST 2010
JBoss development,
A new message was posted in the thread "EJB3 security - Skip authorization for @PermiAll?":
http://community.jboss.org/message/531678#531678
Author : ANIL SALDHANA
Profile : http://community.jboss.org/people/anil.saldhana@jboss.com
Message:
--------------------------------------------------------------
That behaves as an "unchecked" operation. Now either we can centralize all security operations in the security layer (including the @PA check) or we can add code to the integration layer (here the ejb3 interceptor) to not invoke the security layer, for performance benefit.
For this particular case, it makes sense to do the latter.
--------------------------------------------------------------
To reply to this message visit the message page: http://community.jboss.org/message/531678#531678
More information about the jboss-dev-forums
mailing list