[jboss-dev-forums] [Design of Security on JBoss] - Re: SecurityContext

The SecurityContext has to have the authenticated identity(s) as it needs to be a superset of the existing SecurityAssociation context of principal, credential and Subject. I'm thinking of something more like: | class SubjectInfo | { | Principal authenticationPrincipal; | Object authenticationCredential; | Subject subject; | } | class abstract SecurityContext | { | /** Key into the data map for the java.security.acl.Group representing the user roles | Group roles = (Group) sc.getData().get(ROLES); | */ | public final String ROLES = "ROLES"; | ... | | SubjectInfo getSubjectInfo(); | HashMap<String, Object> getData(); | public AuthorizationManager getAuthorizationManager(); | } | We also need an extension of the AuthenticationManager to deal with the mapping of identity and trust. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3967970#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...