[jboss-dev-forums] [Design of Security on JBoss] - Re: SecurityContext
anil.saldhana@jboss.com
do-not-reply at jboss.com
Wed Aug 30 13:54:11 EDT 2006
Similar to the SPNEGO authentication sequence because the trust decision (if using SAML) can involve HTTP redirects before the correct SAML token arrives with the necessary information (the other alternative is the backdoor SOAP interaction). That was my reference wrt JASPI.
For the trust spi, how does the following look:
| /**
|  * Principal can be null. The contextual map can contain additional
|  * subjectInfo plus other info, including a SAML token
|  * assertion/domainInfo from the source application domain.
|  */
| Principal getTargetIdentity(Principal p, Map contextualMap);
|
If there is a need to know additional information about the target identity (like roles), then we will need another method in the authorization manager (the AM implementation will have to query for the attributes of the identity from an external application domain):
| Group getTargetRoles(Principal targetIdentity, Map contextualMap);
|
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3968450#3968450
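A sketch of how an implementation of the proposed getTargetIdentity method could behave, added here as an illustration and not taken from the post or from JBoss code. The interface name, class names and context keys ("sourceDomain", "assertionSubject") are assumptions, and it assumes the caller has already validated any SAML assertion before placing its subject in the contextual map.

```java
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
public class TrustMappingExample {
    // Hypothetical context keys; the post does not name any.
    static final String SOURCE_DOMAIN = "sourceDomain";
    static final String ASSERTION_SUBJECT = "assertionSubject";

    // Method shape from the post; the interface name is an assumption.
    interface TrustSpi {
        Principal getTargetIdentity(Principal p, Map<String, Object> contextualMap);
    }

    static final class NamedPrincipal implements Principal {
        private final String name;
        NamedPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }

    static final class DomainMappingTrust implements TrustSpi {
        // source domain -> (source name -> target name), kept nested so a
        // crafted name cannot collide with another domain's entry.
        private final Map<String, Map<String, String>> trusted = new HashMap<>();

        void map(String domain, String source, String target) {
            trusted.computeIfAbsent(domain, d -> new HashMap<>()).put(source, target);
        }

        @Override
        public Principal getTargetIdentity(Principal p, Map<String, Object> ctx) {
            if (ctx == null) return null;
            // Principal may be null: fall back to the subject of an assertion
            // the caller has already validated and put in the contextual map.
            Object name = (p != null) ? p.getName() : ctx.get(ASSERTION_SUBJECT);
            Map<String, String> names = trusted.get(ctx.get(SOURCE_DOMAIN));
            if (names == null || !(name instanceof String)) return null; // fail closed
            String target = names.get(name);
            return target == null ? null : new NamedPrincipal(target);
        }
    }

    public static void main(String[] args) {
        DomainMappingTrust trust = new DomainMappingTrust();
        trust.map("partner.example", "alice", "alice-ext"); // constructed sample
        Map<String, Object> ctx = new HashMap<>();
        ctx.put(SOURCE_DOMAIN, "partner.example");
        ctx.put(ASSERTION_SUBJECT, "alice");
        System.out.println(trust.getTargetIdentity(null, ctx).getName());
    }
}
```

Returning null for an unknown source domain or an unmapped name leaves the deny decision with the caller, which must treat null as "no trusted identity" and not as an anonymous principal.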