[jboss-as7-dev] web security extensions

Darran Lofthouse darran.lofthouse at jboss.com
Wed Jun 8 10:03:48 EDT 2011


How about at least restoring the behaviour that was present in previous 
AS releases to define custom auth-methods?

On 06/08/2011 02:55 PM, Remy Maucherat wrote:
> On Wed, 2011-06-08 at 09:23 -0400, Bill Burke wrote:
>> In this manner, multiple web apps could use the same security domain and
>> you wouldn't have to change their config if you wanted to change the
>> authentication method.  The security domain has complete control over
>> the authentication mechanism.  You could take this even further fully
>> delegate security constraint application to the security domain.  THis
>> would be very interesting as then an Identity Management service could
>> have complete control over security metadata without having to modify
>> the WAR.
>
> I won't do this, since:
> - Editing web.xml is editing the war
> - It makes the war non portable, while jboss-web.xml does not affect
> this; so any proprietary element should stay in jboss-web.xml.
>
> BTW, jboss-web.xml is not part of the domain model.
>



More information about the jboss-as7-dev mailing list