[jboss-as7-dev] Securing the Console
Brian Stansberry
brian.stansberry at redhat.com
Tue Jan 25 15:57:48 EST 2011
On 1/25/11 8:25 AM, Heiko Braun wrote:
>
> On Jan 25, 2011, at 12:35 PM, Darran Lofthouse wrote:
>
>> Another aspect to consider is that values in the model can be described as "read only" and "read write"
>
>
> IMO this distinction doesn't make sense at all. All attributes are read-only by default and for operations you don't know
> if they change state (guess this would be called 'write'). IMO we should drop these weak classifications and simply use a role based approach. Similar to the EE specs. Either you can execute the operation or you can't, depending on whether or not you inherit a particular role.
>
Sure, in the end each operation[1] has roles associated with it. This is
more a configuration issue; do we require users to specify the roles for
each individual operation, or are there certain common aspects to sets
of operations that can provide a useful shorthand? If there are, we need
to know what they are.
[1] reading/writing an attribute and reading a resource are in the end
just operations
--
Brian Stansberry
Principal Software Engineer
JBoss by Red Hat
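To make the two options in this exchange concrete, here is an added example (my own illustration, not JBoss AS 7 code) of a per-operation role check with the "shorthand" Brian asks about: each operation is classified read or write, a role set is granted per class, and an explicit per-operation role list overrides the class default. The role names, the `shutdown` operation and the `CLASS_ROLES` policy are constructed for the example; `read-attribute`, `write-attribute` and `read-resource` are the operations named in the thread. Unknown operations and unclassified operations are denied, which is the fail-closed default a management interface should have.

```python
"""Hypothetical role-based authorization for management operations.

Added example, not JBoss AS 7 code. Models (a) explicit roles per
operation and (b) a shorthand that classifies operations as read or
write and grants roles per class. Explicit roles win over the shorthand.
"""
from dataclasses import dataclass

READ = "read"
WRITE = "write"


@dataclass(frozen=True)
class Operation:
    name: str
    effect: str                       # READ or WRITE (the shorthand classification)
    roles: frozenset = frozenset()    # explicit roles; empty means "use the class default"


# Constructed policy: roles allowed to run operations of each class.
CLASS_ROLES = {
    READ: frozenset({"Monitor", "Operator", "Administrator"}),
    WRITE: frozenset({"Operator", "Administrator"}),
}


def required_roles(op: Operation) -> frozenset:
    """Explicit per-operation roles take precedence; otherwise fall back
    to the class default. An unclassified operation gets an empty set,
    i.e. nobody may run it (fail closed)."""
    if op.roles:
        return op.roles
    return CLASS_ROLES.get(op.effect, frozenset())


def is_allowed(op: Operation, user_roles) -> bool:
    """Grant access if the caller holds at least one required role."""
    return bool(required_roles(op) & frozenset(user_roles))


# Constructed operation table. The first three names appear in the thread
# (footnote [1]); "shutdown" is a made-up write operation with an explicit
# role list that is narrower than the WRITE class default.
OPERATIONS = {
    "read-attribute": Operation("read-attribute", READ),
    "write-attribute": Operation("write-attribute", WRITE),
    "read-resource": Operation("read-resource", READ),
    "shutdown": Operation("shutdown", WRITE, frozenset({"Administrator"})),
    "unclassified-op": Operation("unclassified-op", "unknown"),
}


def check(op_name: str, user_roles) -> bool:
    """Authorization decision for a named operation; unknown names are denied."""
    op = OPERATIONS.get(op_name)
    if op is None:
        return False
    return is_allowed(op, user_roles)


if __name__ == "__main__":
    for name, roles in [("read-attribute", ["Monitor"]),
                        ("write-attribute", ["Monitor"]),
                        ("shutdown", ["Operator"]),
                        ("shutdown", ["Administrator"]),
                        ("unclassified-op", ["Administrator"])]:
        print(f"{name:16} {roles}: {'allow' if check(name, roles) else 'deny'}")
```

The shorthand only reduces configuration effort when the read/write classification is actually known for an operation, which is Heiko's objection: for an arbitrary operation the `effect` has to be declared by whoever registers it, or the entry falls into the deny-by-default path.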