[jboss-jira] [JBoss JIRA] Commented: (SECURITY-258) Integrate the ACL engine with the AS security framework

Stefan Guilhen (JIRA) jira-events at lists.jboss.org
Tue Jul 8 17:49:26 EDT 2008 

    [ http://jira.jboss.com/jira/browse/SECURITY-258?page=comments#action_12420493 ] 
            
Stefan Guilhen commented on SECURITY-258:
-----------------------------------------

As ACL providers are configured in application policies separately from the authorization providers, I'm considering creating an ACLManager that can be injected into other beans and moving the getEntitlements method from AuthorizationManager to ACLManager.

MC beans that want to invoke the ACL engine would configure the providers in an application policy and then get a reference to ACLManager through injection:

   <application-policy xmlns="urn:jboss:security-beans:1.0" name="policy">
      <authentication>
      ....
      </authentication>
      <acl>
         <acl-module code="org.jboss.security.acl.ACLProviderImpl" flag="required">
            <module-option name="persistenceStrategy">org.jboss.security.acl.JPAPersistenceStrategy</module-option>
         </acl-module>
      </acl>
   </application-policy>

   <bean name="some-bean" class="org.jboss.test.Pojo">
      <property name="aclManager"><inject bean="policy" property="aclManager"/></property>
   </bean>

> Integrate the ACL engine with the AS security framework
> -------------------------------------------------------
>
>                 Key: SECURITY-258
>                 URL: http://jira.jboss.com/jira/browse/SECURITY-258
>             Project: JBoss Security and Identity Management
>          Issue Type: Task
>      Security Level: Public(Everyone can see) 
>          Components: AS-Integration
>    Affects Versions: 2.0.2.CR6
>            Reporter: Stefan Guilhen
>         Assigned To: Stefan Guilhen
>             Fix For: 2.0.2.GA
>
>
> Make the ACL providers accessible to the AS. Applications must be able to invoke the configured providers to enforce instance-based authorization and also query the privileges that have been entitled to a particular identity.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list