[jboss-as7-dev] Web Authorization and Audit
Anil Saldhana
Anil.Saldhana at redhat.com
Wed Oct 19 17:30:17 EDT 2011
Bill,
here is an article that I wrote to basically dump my understanding.
http://community.jboss.org/wiki/PrimerOnWebSecurityInJBossAS
I know it is not comprehensive and you need more information, but it is
a start.
Regards,
Anil
On 10/18/2011 11:30 AM, Anil Saldhana wrote:
> Bill,
> I agree on the usable security part of the arguments and we will do
> whatever we can.
>
> Typically, I write articles such as the ones for JBoss AS5.1
> http://java.dzone.com/users/janilsal
>
> This is what I have for AS7.1
> http://community.jboss.org/wiki/JBossAS7SecurityDomainModel
> http://community.jboss.org/wiki/JBossAS7SecurityAuditing
>
> I will provide a writeup on the EE web security you have asked for,
> later in the day.
>
> Regards,
> Anil
>
> On 10/18/2011 10:33 AM, Bill Burke wrote:
>> Would be cool to see a very small writeup (even just an example
>> web.xml/jboss-web.xml) that shows:
>>
>> a) What we *have* to support because of Java EE 6.
>>
>> b) What we *actually* want users to use.
>>
>> Having feature checkmarks is great, but these security interfaces really
>> need a facelift. It still doesn't seem like a lot of effort is being
>> put into the usability of both consuming a security plugin and writing one.
>>
>> On 10/18/11 10:09 AM, Anil Saldhana wrote:
>>> Marcus,
>>> this is in regard to your proposed changes to JBossWebRealm for the
>>> authorization bits.
>>>
>>> https://github.com/mmoyses/jboss-as/commit/ba3c43f8dfc9c201098392c5ebf90474e49aa5a8
>>>
>>> Previously, AS5/6, we had the JBoss Authorization enabled by default.
>>> IMO for AS7, you have taken the right approach to allow the user to
>>> configure whether to use JBoss Authz via jboss-web.xml setting.
>>>
>>> We need to get this merged asap such that I can finish the auditing task
>>> I am currently working on.
>>>
>>> Regards,
>>> Anil