[jboss-dev-forums] [Design of Security on JBoss] - Re: SecurityAssociation no loger valid in remote client
anil.saldhana@jboss.com
do-not-reply at jboss.com
Fri Apr 27 13:10:52 EDT 2007
I had a discussion with Scott on this. The invocation object creators should not be dealing with the security aspects. I will need to establish the security aspects via an interceptor after the container.
For the client side, people should not be doing any direct SecurityAssociation stuff. JAAS is ok. The security project should really be providing a client SPI for clients to use. JAAS etc should be an internal detail of the SPI. GSS/SASL type of framework is where we intend to go towards that will provide pluggable aspects semantics for security.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4041485#4041485
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4041485
More information about the jboss-dev-forums
mailing list