[jboss-dev-forums] [Design of Security on JBoss] - Re: Legacy client SecurityAssociation
anil.saldhana@jboss.com
do-not-reply at jboss.com
Tue Jun 24 14:26:51 EDT 2008
The issue exists here:
http://anonsvn.jboss.org/repos/jbossas/trunk/server/src/main/org/jboss/proxy/SecurityActions.java
for the
http://anonsvn.jboss.org/repos/jbossas/trunk/server/src/main/org/jboss/proxy/SecurityInterceptor.java
The Client Side SecurityInterceptor has no clue whether the user used the legacy SecurityAssociation or the newer SecurityClient.
I can add additional logic to see if SA.getServer == false, then also consider sa.getprincipal, sa.getcredential as a potential provider of security context.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4160319#4160319
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4160319
More information about the jboss-dev-forums
mailing list