[jboss-dev-forums] [Design of Security on JBoss] - SecurityContext

anil.saldhana@jboss.com do-not-reply at jboss.com
Sat Aug 19 15:11:06 EDT 2006


From Scott's quote:
instead of just a Subject representing the security context, we should have a security context that contains a Subject, trust domain info, authorization info/pointers, etc to allow better integration/reuse of authorization aspects.

There is a need for a unified Security Context that holds both the authentication and authorization aspects together. I would like to get ideas on this from the community.

We already have SecurityAssociation acting as a central security floater (that takes care of the subject/runasidentity etc).

Where would this Security Context reside?

In my experiment, I tried a SC that was fitted inside the SA in a threadlocal, but ran into thread safety issues. 

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3966261#3966261
