[jboss-dev-forums] [Design of Security on JBoss] - Re: JBoss 4.2 related discussion
scott.stark@jboss.org
do-not-reply at jboss.com
Thu Feb 22 19:10:39 EST 2007
The PolicyContext would just be a copy even if it was not read-only. One way would be to simply add the roles to the invocation and update the authorization interceptor logic to look there in addition to the RealmMapping.doesUserHaveRole call. Not having the roles assigned to the Subject is the direction we are heading anyway.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4020885#4020885
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4020885
More information about the jboss-dev-forums
mailing list