[jboss-as7-dev] AS7 Security Integration
Marcus Moyses
mmoyses at redhat.com
Wed Dec 8 15:20:28 EST 2010
I'm starting the security integration this week so please bear with me
in my first steps coding AS7 :).
I will use the ideas discussed in this thread[1] to map the security
container domain model.
Any ideas are welcome.
[1] http://community.jboss.org/thread/154409
On 11/29/2010 12:11 PM, Carlo de Wolf wrote:
> On 11/26/2010 04:41 PM, Remy Maucherat wrote:
>> On Thu, 2010-11-25 at 14:44 -0500, asaldhan at redhat.com wrote:
>>> Those were needed for outgoing calls from the web layer into WS and EJB3 etc.
>>>
>>> But we will try to make it lightweight going forward.
>> The amount of stuff going on proactively due to security is quite
>> amazing at the moment in AS 6, so I think "try to" should be dropped
>> from your statement :)
>>
> I found out that WS actually has got the most ingenious security
> integration of all.
>
> See WebServiceContextJSE and WebServiceContextEJB. Basically they don't
> integrate but call out via some dirty SPI construct.
>
> While in actuality you only need two calls (supposing we do it similar
> to TransactionManager):
>
> Principal securityManager.getSecurityContext().getCallerPrincipal();
>
> boolean securityManager.isCallerInRole(String role);
>
> We need to get rid of the large pieces of code that are currently in
> Servlet and EJB to make it happen.
>
> Carlo
> _______________________________________________
> jboss-as7-dev mailing list
> jboss-as7-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/jboss-as7-dev
--
Marcus Moyses
JBoss Core Developer
JBoss by Red Hat
More information about the jboss-as7-dev
mailing list