[jboss-jira] [JBoss JIRA] Commented: (AS7-1298) JBoss AS 7 doesn't appear to support container-managed security via web.xml and jboss-web.xml

Craig Ringer (JIRA) jira-events at lists.jboss.org
Fri Jul 15 11:37:23 EDT 2011 

    [ https://issues.jboss.org/browse/AS7-1298?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12614480#comment-12614480 ] 

Craig Ringer commented on AS7-1298:
-----------------------------------

Note in particular https://docs.jboss.org/author/display/AS7/Security+Subsystem which says:

"When deploying applications to the JBoss Application Server most of the time it is likely that you would be deploying a web application or EJBs and just require a security domain to be defined with login modules to verify the users identity, this chapter aims to provider additional detail regarding the architecture and capability of the security subsystem however if you are just looking to define a security domain and leave the rest to the container please jump to ****************************. -- TODO"

Most of the rest is skeleton. So perhaps support is there, just not really documented, and with some significant limitations (https://issues.jboss.org/browse/AS7-1297). 

> JBoss AS 7 doesn't appear to support container-managed security via web.xml and jboss-web.xml
> ---------------------------------------------------------------------------------------------
>
>                 Key: AS7-1298
>                 URL: https://issues.jboss.org/browse/AS7-1298
>             Project: Application Server 7
>          Issue Type: Feature Request
>          Components: EJB, Security, Web
>    Affects Versions: 7.0.0.Final
>         Environment: n/a
>            Reporter: Craig Ringer
>            Assignee: Darran Lofthouse
>
> There's no documentation for container-managed security in JBoss AS 7, and the schema for the main jboss config files and jboss-web.xml don't suggest any configuration mechanisms for JAAS realms, principal-to-user/group mappings, etc.
> This is a significant limitation for apps porting from Glassfish 3, which expect to be able to access the current security principal from JNDI or inject it, and expect to be able to declare container-controlled access to particular URLs and different HTTP methods in web.xml.
> Documenting this limitation in AS 7.0.0 would be a big improvement and would save porting time and hassle. Implementing support in a future version would, of course, be ideal.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list