[jboss-dev-forums] [Design of Security on JBoss] - Re: SecurityAssociation no loger valid in remote client
scott.stark@jboss.org
do-not-reply at jboss.com
Fri Apr 27 11:04:20 EDT 2007
In general that has to be a security aspect in the call chain to ensure a proper security context. This gets back to the cluster question you had earlier. The form of the incoming security context may need to be mapped into another form. Any existing usage of the SecurityAssociation outside of a security interceptor is broken code. Either it needs to be using a public authentication api, or it needs to be moved into a security aspect that can be kept in sync with implementation details.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4041439#4041439
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4041439
More information about the jboss-dev-forums
mailing list