[jboss-dev-forums] [JBoss AS7 Development] - Re: JBoss AS7: Brainstorm Admin Console Security Tab
Anil Saldhana
do-not-reply at jboss.com
Fri Nov 11 11:03:39 EST 2011
Anil Saldhana [http://community.jboss.org/people/anil.saldhana] created the discussion
"Re: JBoss AS7: Brainstorm Admin Console Security Tab"
To view the discussion, visit: http://community.jboss.org/message/636184#636184
--------------------------------------------------------------
> Jason Greene wrote:
>
> > Anil Saldhana wrote:
> >
> > Security Domains need to have CRUD capabilities. The CRUD should not require server restart.
>
> Just a note that my refactor adds the ability to restart a domain without requiring a restart but that means any service which depends on that security domain (perhaps a deployment) will be restarted as well. For this reason the default is to put the server in a state where it must be restarted at the next opportunity for the change to take affect.
Jason, I do not think the services that depend on a security domain need to be restarted. Some of the reasons are as follows:
* The PicketBox layer has an authentication cache that may have stale information. So that needs to be flushed for the security domain that was restarted.
* Web layer caches the roles in the tomcat generic principal in the catalina session. So the security domain changes may require the currently authenticated user to have different roles, than what is currently available in the cached user principal. But I am sure it is good to invalidate the session principal or try to do authentication again, as it may have an effect on the user experience.
* All the other layers - ejb3, hornetq, jca etc are not affected by the security domain restart.
--------------------------------------------------------------
Reply to this message by going to Community
[http://community.jboss.org/message/636184#636184]
Start a new discussion in JBoss AS7 Development at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2225]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-dev-forums/attachments/20111111/c140dc03/attachment.html
More information about the jboss-dev-forums
mailing list