Here is the latest on the SecurityContext.
Associated JIRA issue:
http://jira.jboss.com/jira/browse/JBAS-3576
The current prototype has the following minimal contract:
| package org.jboss.security;
| public class SecurityContext
| {
| public AuthorizationManager getAuthorizationManager(String securityDomain);
| public Group getRoles(String securityDomain);
| }
|
Plugged into an InheritableThreadLocal in SecurityAssociation.
Given this, SecurityAssociationValve in the web layer checks for existence of SC. If not
create one and set in the SA and clear it in the finally block (if they had set it). The
same is done by the EJB SecurityInterceptor. This ensures that the SC is cleared up.
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3967906#...
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...