[jboss-jira] [JBoss JIRA] Closed: (SECURITY-13) Authorization Framework should work off of the roles in the Security Context

Authorization Framework should work off of the roles in the Security Context ---------------------------------------------------------------------------- Key: SECURITY-13 URL: http://jira.jboss.com/jira/browse/SECURITY-13 Project: JBoss Security and Identity Management Issue Type: Task Security Level: Public(Everyone can see) Components: JBossSX Affects Versions: 2.0.GA Reporter: Anil Saldhana Assigned To: Anil Saldhana Fix For: 2.0.GA There has been a discussion going on with reference to a Security Context in JBossSX. Refer to the forum thread As it stands, the Security Context is populated with the roles for the authenticated user, but the access checks that are happening (mainly for the jacc layer) needs to move away from the reliance on the role-group placed as a principal in the authenticated subject, but to use the roles in the Security Context.