[jboss-dev-forums] [Design of Security on JBoss] - Re: JBoss 4.2 related discussion
anil.saldhana@jboss.com
do-not-reply at jboss.com
Thu Feb 22 19:15:42 EST 2007
There is no need to add the roles to the invocation. The principal to role mapping can be obtained via the org.jboss.metadata.AssemblyDescriptorMetaData principal to role mapping, which is available on the container passing into the interceptor.
For 5.0, this is not an issue as we can use role mapping logic before authorization in the build up of the security context.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4020890#4020890
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4020890
More information about the jboss-dev-forums
mailing list