[jboss-dev-forums] [Design of Security on JBoss] - Re: Legacy client SecurityAssociation
adrian@jboss.org
do-not-reply at jboss.com
Tue Jun 24 14:51:18 EDT 2008
"anil.saldhana at jboss.com" wrote :
| | Most clients (if they used the SecurityAssociation api) will be using on the client
| | to do a single login for the entire jvm.
| |
|
| What is your personal opinion on this? I know this has been the legacy approach but what do you think about providing vm-wide security context?
What's wrong with it? We're talking about a traditional client, not a server that
hosts many apps that can't be trusted.
Why can't there just be a mode which enables a global security context?
On the SecurityAssociation itself, I'm not really that worried
since people should always be using JAAS to establish the login,
I'm talking about the new stuff not having the same capabilities.
The real fix is to remove any mentioned of SecurityAssociation from the testsuite.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4160322#4160322
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4160322
More information about the jboss-dev-forums
mailing list