[jboss-as7-dev] Web Authorization and Audit
Anil Saldhana
Anil.Saldhana at redhat.com
Tue Oct 18 12:30:33 EDT 2011
Bill,

I agree on the usable security part of the arguments and we will do
whatever we can.

Typically, I write articles such as the ones for JBoss AS5.1
http://java.dzone.com/users/janilsal

This is what I have for AS7.1
http://community.jboss.org/wiki/JBossAS7SecurityDomainModel
http://community.jboss.org/wiki/JBossAS7SecurityAuditing

I will provide a writeup on the EE web security you have asked for,
later in the day.

Regards,
Anil

On 10/18/2011 10:33 AM, Bill Burke wrote:
> Would be cool to see a very small writeup (even just an example
> web.xml/jboss-web.xml) that shows:
>
> a) What we *have* to support because of Java EE 6.
>
> b) What we *actually* want users to use.
>
> Having feature checkmarks is great, but these security interfaces really
> need a facelift. It still doesn't seem like a lot of effort is being
> put into the usability of both consuming a security plugin and writing one.
>
> On 10/18/11 10:09 AM, Anil Saldhana wrote:
>> Marcus,
>> this is in regard to your proposed changes to JBossWebRealm for the
>> authorization bits.
>>
>> https://github.com/mmoyses/jboss-as/commit/ba3c43f8dfc9c201098392c5ebf90474e49aa5a8
>>
>> Previously, AS5/6, we had the JBoss Authorization enabled by default.
>> IMO for AS7, you have taken the right approach to allow the user to
>> configure whether to use JBoss Authz via a jboss-web.xml setting.
>>
>> We need to get this merged asap such that I can finish the auditing task
>> I am currently working on.
>>
>> Regards,
>> Anil