[jboss-dev-forums] [Design of Security on JBoss] - Re: Encrypting attributes/properties of beans
scott.stark@jboss.org
do-not-reply at jboss.com
Mon Mar 24 21:23:49 EDT 2008
Its an aspectization of the JaasSecurityDomain.encode/decode operations, applied to one or more bean properties. How the cipher/parameters for the attribute encryption are integrated into the aspect metadata is one issue.
Before the hitting the write aspect of an encrypted property its clear-text, after its encrypted and this is what is stored in the bean. Likewise, before hitting the read aspect of an encrypted property its encrypted, clear-text after.
The aspect also needs to be applied to metadata sources of the property if were worried about those being saved as can be the case for the profile service.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4138613#4138613
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4138613
More information about the jboss-dev-forums
mailing list