"anil.saldhana(a)jboss.com" wrote :
| | Most clients (if they used the SecurityAssociation api) will be using on the
client
| | to do a single login for the entire jvm.
| |
|
| What is your personal opinion on this? I know this has been the legacy approach but
what do you think about providing vm-wide security context?
What's wrong with it? We're talking about a traditional client, not a server that
hosts many apps that can't be trusted.
Why can't there just be a mode which enables a global security context?
On the SecurityAssociation itself, I'm not really that worried
since people should always be using JAAS to establish the login,
I'm talking about the new stuff not having the same capabilities.
The real fix is to remove any mentioned of SecurityAssociation from the testsuite.
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4160322#...
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...