[jboss-dev-forums] [Design of Security on JBoss] - Tomcat GenericPrincipal and JBossGenericPrincipal
anil.saldhana@jboss.com
do-not-reply at jboss.com
Tue Oct 30 14:12:00 EDT 2007
http://anonsvn.jboss.org/repos/jbossas/trunk/tomcat/src/main/org/jboss/web/tomcat/security/JBossGenericPrincipal.java
Our Tomcat layer uses JBossGenericPrincipal to basically tie in some additional semantics like callerprincipal etc to the tomcat caching principal.
I am wondering if this is really an hindrance to users who want to plug in their own realms and create their versions of the GenericPrincipal.
If our code does an instanceof checks, then that is fine. But if we are casting principals in to JGP, then that is a definite No-No for customization.
Thinking out loud.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4100401#4100401
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4100401
More information about the jboss-dev-forums
mailing list