Authorization Decision can be affected by deployment level roles ---------------------------------------------------------------- Key: SECURITY-19 URL: http://jira.jboss.com/jira/browse/SECURITY-19 Project: JBoss Security Issue Type: Feature Request Security Level: Public (Everyone can see) Components: JBossSX Affects Versions: 2.0 Reporter: Anil Saldhana Assigned To: Anil Saldhana Fix For: 2.0 If the user configures roles with principals in the JBoss DD (jboss.xml, jboss-web.xml and jboss-app.xml), these can affect the authorization decision. The Authorization Manager should be aware of these deployment level roles to be passed to the mapping framework (such that if there is an explicit mapping provider that takes into consideration, these deployment level roles), then the overall authorization decision can be affected. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira