[jboss-dev-forums] [Design of Security on JBoss] - Re: JBoss 4.2 related discussion
scott.stark@jboss.org
do-not-reply at jboss.com
Fri Feb 16 20:21:17 EST 2007
We just need to support the introduction of static roles. Where authentication is done to obtain a Subject, a post authentication interceptor can be added to optionally associated deployment level roles + mappings. This interceptor would have to be in between the authentication and authorization interceptors.
In the web container, the construction of the JBossGenericPrincipal roles needs to consult the deployment metadata.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4018001#4018001
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4018001
More information about the jboss-dev-forums
mailing list