[jboss-dev-forums] [JBoss AS 7 Development] - Access control notes
Heiko Braun
do-not-reply at jboss.com
Thu Apr 25 03:51:59 EDT 2013
Heiko Braun [https://community.jboss.org/people/heiko.braun] commented on the document
"Access control notes"
To view all comments on this document, visit: https://community.jboss.org/docs/DOC-48596#comment-11952
--------------------------------------------------
> consolidate all security configuration in the security "subsystem"
We just need to be clear about the distinction between application level security and domain level security. Lack of separation leads to the question of how the access control for different roles (i.e. operator vs admin security manager) can be realized.
An operator should be able to modify the application level security but be prevented from accessing the domain level security. Now if everything resides with the security subsystem, we would either need very fine grained access control rules or a strict separation. My gut feeling tells me the latter is more comprehensible.
--------------------------------------------------