Re: [security-dev] Securing TicketMonster with PicketBox Core
On 07/27/2012 11:20 AM, Marius Bogoevici wrote:
Hi Anil,
This looks like a great start. I see that there are quite a few TODO items on the list.
Any timeline on them?
We are working on a lot of things with PicketBox. So we will
tackle
these TODOs one by one with very short implementation cycles. If you are
able to prioritize the todos, it will be helpful.
Here's thought. I think AJAX security can be split into either:
a) REST endpoint security (which goes back to securing the REST endpoint classes)
PicketBox core will have implementations of JSON Security. I am unsure
DS is planning on that. IMO all REST based interactions are either atom
or JSON. What I have seen is json is used in almost all the use cases.
b) URL security
Now for the former, I think we should use the DeltaSpike @Secured facilities (I don't
know exactly in what state they are right now, as existing stuff is interspersed with
roadmap stuff in my head right now).
Marius
On 2012-07-27, at 11:29 AM, Anil Saldhana <Anil.Saldhana(a)redhat.com> wrote:
> https://docs.jboss.org/author/display/SECURITY/TicketMonster
>
> We can discuss about it here.