[jboss-dev-forums] [Design of Security on JBoss] - Re: SecurityContext
anil.saldhana@jboss.com
do-not-reply at jboss.com
Sun Dec 24 23:10:51 EST 2006
I have been thinking about the run-as scenarios. It will not be difficult to define the various semantics of this - in-vm or an explicit trust association (via transport, saml assertion or custom).
One implementation issue I have is how will the client proxy pick up the caller security context that includes any deployment level trust settings without using some kind of a threadlocal stack (one level will be sufficient), just like the current SecurityAssociation stacks. This is really important for inter-vm calls. Some kind of an injection semantics will suffice, but I am not aware of any such setup within JBoss. Any possible ideas here?
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3996170#3996170
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3996170
More information about the jboss-dev-forums
mailing list