[jboss-as7-dev] AS7 Security Integration

Carlo de Wolf cdewolf at redhat.com
Mon Nov 29 09:11:26 EST 2010


On 11/26/2010 04:41 PM, Remy Maucherat wrote:
> On Thu, 2010-11-25 at 14:44 -0500, asaldhan at redhat.com wrote:
>> Those were needed for outgoing calls from the web layer into WS and EJB3 etc.
>>
>> But we will try to make it lightweight going forward.
> The amount of stuff going on proactively due to security is quite
> amazing at the moment in AS 6, so I think "try to" should be dropped
> from your statement :)
>

I found out that WS actually has got the most ingenious security 
integration of all.

See WebServiceContextJSE and WebServiceContextEJB. Basically they don't 
integrate but call out via some dirty SPI construct.

While in actuality you only need two calls (supposing we do it similar 
to TransactionManager):

Principal securityManager.getSecurityContext().getCallerPrincipal();

boolean securityManager.isCallerInRole(String role);

We need to get rid of the large pieces of code that are currently in 
Servlet and EJB to make it happen.

Carlo
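
Added example (not part of the original message and not JBoss code): a minimal Java sketch of the two-call SPI proposed above, with one endpoint context serving both servlet-based and EJB-based endpoints. The names CallerSecurity, ThreadCallerSecurity, EndpointContext and runAs are hypothetical, and the thread-bound identity is an assumption modelled on how a TransactionManager exposes the current transaction.

```java
import java.security.Principal;
import java.util.Set;
import java.util.function.Supplier;
// Hypothetical SPI (names are assumptions, not JBoss AS classes).
interface SecurityContext { Principal getCallerPrincipal(); }
interface CallerSecurity {
    SecurityContext getSecurityContext();   // identity bound to the calling thread
    boolean isCallerInRole(String role);
}

// Thread-bound implementation, analogous to a TransactionManager's current transaction.
final class ThreadCallerSecurity implements CallerSecurity {
    private record Identity(Principal principal, Set<String> roles) {}  // Java 16+
    private static final Principal ANONYMOUS = () -> "anonymous";
    private final ThreadLocal<Identity> current = new ThreadLocal<>();
    // Container hook: bind an identity for one invocation, then restore the previous one.
    <T> T runAs(String name, Set<String> roles, Supplier<T> call) {
        Identity previous = current.get();
        current.set(new Identity(() -> name, Set.copyOf(roles)));
        try { return call.get(); }
        finally { if (previous == null) current.remove(); else current.set(previous); }
    }
    public SecurityContext getSecurityContext() {
        Identity id = current.get();
        return () -> id == null ? ANONYMOUS : id.principal();
    }
    public boolean isCallerInRole(String role) {
        Identity id = current.get();
        return id != null && id.roles().contains(role);  // no bound identity: deny
    }
}

// One endpoint context for both servlet-based and EJB-based endpoints.
final class EndpointContext {
    private final CallerSecurity securityManager;
    EndpointContext(CallerSecurity sm) { this.securityManager = sm; }
    Principal getUserPrincipal() { return securityManager.getSecurityContext().getCallerPrincipal(); }
    boolean isUserInRole(String role) { return securityManager.isCallerInRole(role); }
}
public class Demo {
    public static void main(String[] args) {
        ThreadCallerSecurity sm = new ThreadCallerSecurity();
        EndpointContext ctx = new EndpointContext(sm);
        String inside = sm.runAs("alice", Set.of("admin"),   // constructed identity
            () -> ctx.getUserPrincipal().getName() + " admin=" + ctx.isUserInRole("admin"));
        System.out.println(inside);
        System.out.println(ctx.getUserPrincipal().getName() + " admin=" + ctx.isUserInRole("admin"));
    }
}
```

The role check fails closed when no identity is bound to the thread, and the finally block restores the previous identity so a nested call cannot leak its caller to the outer invocation.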


