Marcus,
this is in regard to your proposed changes to JBossWebRealm for the
authorization bits.
https://github.com/mmoyses/jboss-as/commit/ba3c43f8dfc9c201098392c5ebf904...
Previously, AS5/6, we had the JBoss Authorization enabled by default.
IMO for AS7, you have taken the right approach to allow user to
configure whether to use JBoss Authz via jboss-web.xml setting.
We need to get this merged asap such that I can finish the auditing task
I am currently working on.
Regards,
Anil