[jboss-dev-forums] [Design of Security on JBoss] - Re: SecurityContext

anil.saldhana@jboss.com do-not-reply at jboss.com
Mon Aug 28 15:44:49 EDT 2006


Here is the latest on the SecurityContext.

Associated JIRA issue:
http://jira.jboss.com/jira/browse/JBAS-3576

The current prototype has the following minimal contract:

    package org.jboss.security;
    public class SecurityContext
    {
       public AuthorizationManager getAuthorizationManager(String securityDomain);
       public Group getRoles(String securityDomain);
    }

It is plugged into an InheritableThreadLocal in SecurityAssociation.

Given this, SecurityAssociationValve in the web layer checks for the existence of an SC. If there is none, it creates one, sets it in the SA, and clears it in the finally block (if it had set it). The same is done by the EJB SecurityInterceptor. This ensures that the SC is cleared up.





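The set-if-absent, clear-in-finally handling described in the post, as an added example that is not part of the original post or the JBoss code base. Ctx, CURRENT and withContext are hypothetical stand-ins for SecurityContext, the thread-local slot in SecurityAssociation, and the logic shared by the valve and the interceptor.

```java
import java.util.concurrent.Callable;

// Hypothetical stand-ins; these are not the JBoss classes named in the post.
public class ScopedContextDemo {
    static final class Ctx {                       // stand-in for SecurityContext
        final String securityDomain;
        Ctx(String securityDomain) { this.securityDomain = securityDomain; }
    }

    // Stand-in for the InheritableThreadLocal slot in SecurityAssociation.
    static final InheritableThreadLocal<Ctx> CURRENT = new InheritableThreadLocal<>();

    // Used by both layers: create the context only if none exists, and clear
    // it only if this call was the one that created it.
    static <T> T withContext(String domain, Callable<T> next) throws Exception {
        boolean created = false;
        if (CURRENT.get() == null) {
            CURRENT.set(new Ctx(domain));
            created = true;
        }
        try {
            return next.call();
        } finally {
            if (created) {
                // A pooled worker thread must not carry the context into
                // the next request it serves.
                CURRENT.remove();
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // The web layer wraps the EJB layer on the same thread.
        String seenByEjb = withContext("web-domain", () -> {
            String inner = withContext("ejb-domain", () -> CURRENT.get().securityDomain);
            // The inner layer did not create the context, so it must not have cleared it.
            if (CURRENT.get() == null) throw new IllegalStateException("cleared too early");
            return inner;
        });
        System.out.println("EJB layer saw domain: " + seenByEjb);
        System.out.println("context after request: " + CURRENT.get());

        // Failure path: the finally block still clears the context.
        try {
            withContext("web-domain", () -> { throw new SecurityException("denied"); });
        } catch (SecurityException expected) {
            System.out.println("context after failure: " + CURRENT.get());
        }
    }
}
```

Because the slot is an InheritableThreadLocal, a thread started while the context is set receives its own copy of the reference, and the finally block on the parent thread does not clear that copy.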