[jboss-as7-dev] Web Authorization and Audit
Anil Saldhana
Anil.Saldhana at redhat.com
Tue Oct 18 11:30:20 EDT 2011
On 10/18/2011 10:19 AM, Remy Maucherat wrote:
> On Tue, 2011-10-18 at 09:09 -0500, Anil Saldhana wrote:
>> Marcus,
>> this is in regard to your proposed changes to JBossWebRealm for the
>> authorization bits.
>>
>> https://github.com/mmoyses/jboss-as/commit/ba3c43f8dfc9c201098392c5ebf90474e49aa5a8
>>
>> Previously, in AS5/6, we had the JBoss Authorization enabled by default.
>> IMO for AS7, you have taken the right approach to allow the user to
>> configure whether to use JBoss Authz via jboss-web.xml setting.
> I didn't know what the default value for the useJBossAuthorization flag
> was supposed to be, so feel free to propose changing it.
>
Remy, it should be false by default. We do not want it enabled until
the user wants to either use JACC or XACML or wants to write custom
authorization.