Anil Saldhana [http://community.jboss.org/people/anil.saldhana%40jboss.com] created the discussion
"Re: Security Configuration in Domain Model - AS7"
To view the discussion, visit:
http://community.jboss.org/message/575183#575183
--------------------------------------------------------------
I am thinking we should choose a better name than "security-manager" given that
people get confused with the Java Security Manager. Can we qualify it further as
authentication-manager, authorization-manager etc, maybe?
Also, in AS5/6, for the web layer, we always go through the authorization layer for
each security check. In my view, we should now stop doing that by default. Let the user
configure that the web authorization goes through the PicketBox authorization stack (needed
for JACC, XACML etc). In AS5/6, there is a property that turns off the authz layer. But
since 95% of web deployments don't care about JACC or XACML, we should turn it off by
default.
--------------------------------------------------------------