[jboss-dev-forums] [Design of Security on JBoss] - Re: Security Integration in JBAS5

[scott.stark@jboss.org]

"anil.saldhana at jboss.com" wrote : 
  | c) SecurityContextClassName - The Container creates a security context in the thread of execution. This FQN tells which SecurityContext implementation needs to be created.
  | The container after creating the SC, injects the SecurityManagement instance into the SC, such that whenever any code asks the SC for a SecurityManager, it can delegate it to the SecurityManagement instance.
  | 
  | 
  |   war-deployer-beans.xml
  |   | 
  |   |    <!-- The WebMetaData to service mbean deployer -->
  |   |    <bean name="WarDeployer" class="org.jboss.web.tomcat.service.deployers.Tomcat
  |   | Deployer">
  |   |    ...
  |   |        <!-- Specify a SecurityManagement Wrapper -->
  |   |        <property name="securityManagement">
  |   |          <inject bean="JNDIBasedSecurityManagement"/>
  |   |        </property>
  |   | 
  |   |        <!-- Specify a SecurityContext FQN class name -->
  |   |        <property name="securityContextClassName">org.jboss.security.plugins.JBos
  |   | sSecurityContext</property>
  |   | 
  | 
  | Similar case exists for the EJB deployer.
Ultimately this should be outside of the deployer in the security interceptor configuration. Configs like the ejb3-interceptors-aop.xml should be injecting the Security related beans that are defined in the security-deployer-beans.xml or similar. I don't see these properties in the current TomcatDeployer. Is this checked in?


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4085142#4085142

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4085142