Re: [jboss-as7-dev] AS7 Security Integration

On 11/26/2010 04:41 PM, Remy Maucherat wrote: > On Thu, 2010-11-25 at 14:44 -0500, asaldhan(a)redhat.com wrote: >> Those were needed for outgoing calls from the web layer into WS and EJB3 etc. >> >> But we will try to make it lightweight going forward. > The amount of stuff going on proactively due to security is quite > amazing at the moment in AS 6, so I think "try to" should be dropped > from your statement :) > I found out that WS actually has got the most ingenious security integration of all. See WebServiceContextJSE and WebServiceContextEJB. Basically they don't integrate but call out via some dirty SPI construct. While in actuality you only need two calls (supposing we do it similar to TransactionManager): Principal securityManager.getSecurityContext().getCallerPrincipal(); boolean securityManager.isCallerInRole(String role); We need to get rid of the large pieces of code that are currently in Servlet and EJB to make it happen. Carlo _______________________________________________ jboss-as7-dev mailing list jboss-as7-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-as7-dev