Next Generation Security Manager Service ---------------------------------------- Key: JBAS-2602 URL: https://jira.jboss.org/jira/browse/JBAS-2602 Project: JBoss Application Server Issue Type: Task Security Level: Public(Everyone can see) Components: Security Affects Versions: JBossAS-5.0.0.CR2 Reporter: Anil Saldhana Assignee: Anil Saldhana Fix For: JBossAS-5.1.0.Beta1 The current JaasSecurityManagerService is based on Jaas. A new securitymanager service needs to be implemented that considers authentication, authorization and caching along with support for federation. The identity holder should be a custom holder that removes the inflexibility provided by javax.security.auth.Subject, while considering various tokens as Principals (used in federation). Currently, JaasSecurityManager implements AuthenticationManager, RealmMapping The new security service can be JBossSecurityManager implements AuthenticationManager, RealmMapping Forum References: Generalizing the JAAS and JACC service: http://www.jboss.com/index.html?module=bb&op=viewtopic&t=72264 Flush security domain cache on sessionInvalidation : http://www.jboss.com/index.html?module=bb&op=viewtopic&t=73025 Generic JBossWeb Authentication Framework : http://www.jboss.com/index.html?module=bb&op=viewtopic&t=73020 Federated Identity : http://www.jboss.com/index.html?module=bb&op=viewtopic&t=72633