[jboss-as7-dev] Web Authorization and Audit
Bill Burke
bburke at redhat.com
Tue Oct 18 11:33:56 EDT 2011
Would be cool to see a very small writeup (even just an example
web.xml/jboss-web.xml) that shows:
a) What we *have* to support because of Java EE 6.
b) What we *actually* want users to use.
Having feature checkmarks is great, but these security interfaces really
need a facelift. It still doesn't seem like a lot of effort is being
put into the usability of both consuming a security plugin and writing one.
On 10/18/11 10:09 AM, Anil Saldhana wrote:
> Marcus,
> this is in regard to your proposed changes to JBossWebRealm for the
> authorization bits.
>
> https://github.com/mmoyses/jboss-as/commit/ba3c43f8dfc9c201098392c5ebf90474e49aa5a8
>
> Previously, AS5/6, we had the JBoss Authorization enabled by default.
> IMO for AS7, you have taken the right approach to allow user to
> configure whether to use JBoss Authz via jboss-web.xml setting.
>
> We need to get this merged asap such that I can finish the auditing task
> I am currently working on.
>
> Regards,
> Anil
>
> _______________________________________________
> jboss-as7-dev mailing list
> jboss-as7-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/jboss-as7-dev
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the jboss-as7-dev
mailing list