On 3/1/2013 6:22 AM, Darran Lofthouse wrote:
> So for entry to the server making use of HTTP and SASL based
> authentication backed by an IDM instead of JAAS and then converting the
> loaded identity into a Subject does sound good.
>
> One point to keep in mind that is different from the JAAS population of
> Subjects however is that the IDM approach is not currently expecting to
> load roles pro-actively for an identity, instead it is expecting to
> respond to isCallerInRole type checks as and when role checks are
> required. Applications however do have a finite set of roles used so
> there are options here.

Not sure what you're saying here, but the IDM API needs to be able to do
more than isCallerInRole(). See my previous examples.

--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com