[jboss-jira] [JBoss JIRA] Created: (SECURITY-13) Authorization Framework should work off of the roles in the Security Context
Anil Saldhana (JIRA)
jira-events at jboss.com
Tue Oct 17 12:02:41 EDT 2006
Authorization Framework should work off of the roles in the Security Context
----------------------------------------------------------------------------
Key: SECURITY-13
URL: http://jira.jboss.com/jira/browse/SECURITY-13
Project: JBoss Security
Issue Type: Task
Security Level: Public (Everyone can see)
Components: JBossSX
Affects Versions: 2.0
Reporter: Anil Saldhana
Assigned To: Anil Saldhana
Fix For: 2.0
There has been a discussion going on with reference to a Security Context in JBossSX. Refer to the forum thread
As it stands, the Security Context is populated with the roles for the authenticated user, but the access checks that are happening (mainly for the jacc layer) needs to move away from the reliance on the role-group placed as a principal in the authenticated subject, but to use the roles in the Security Context.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list