[seam-issues] [JBoss JIRA] (SEAMSECURITY-118) Seam Security documentation issues and comments

Marek Schmidt (Created) (JIRA) jira-events at lists.jboss.org
Fri Oct 14 07:47:18 EDT 2011 

Seam Security documentation issues and comments
-----------------------------------------------

                 Key: SEAMSECURITY-118
                 URL: https://issues.jboss.org/browse/SEAMSECURITY-118
             Project: Seam Security
          Issue Type: Bug
    Affects Versions: 3.1.0.Beta3
            Reporter: Marek Schmidt
             Fix For: 3.1.0.Final


    Security
        1.2.1. Maven Dependencies
             * "<seam.version>3.0.0.Final</seam.version>" should be changed to 3.1.0.Final
             * "<artifactId>seam-security-impl</artifactId>" is no longer valud, should be seam-security (only if the suggested seam version "seam.version" is changed to e.g. 3.1.0.Final in the docs)     

        2.3. Which Authenticator will Seam use?
            * "Seam Config" should be something like "Solder XML Config" instead, mentioned twice

        3.4.3. Applying the binding to your business methods
            * "Seam Catch" should be something like "Solder Exception Handling" instead

        4.2.4. Credential
            * the example of IdentityObjectCredential should probably contain annotations on "IdentityObject identityObject;" for clarity (as the getter is omitted)
                (e.g. @ManyToOne  @JoinColumn(name = "IDENTITY_OBJECT_ID")

        5.2.2.1. Using OpenID as your only authentication method
            * "Seam Config" should be something like "Solder XML Config" instead
            * "<security:Identity>" should be  "<security:IdentityImpl>"
            * "<security:authenticatorClass>org.jboss.seam.security.external.openid.OpenIdAuthenticator</security:authenticator>" is invalid XML  (end tag doesn't match)

        5.2.4. Managing the OpenID authentication process
            * "The API described in this section will likely be changed in a future version of Seam to allow for easier handling of the OpenID authentication lifecycle."
                is this still true? 
            * "The above example assumes that the Seam Servlet module is used to allow injection of the ServletContext."
                this note can probably be removed, as Servlet is now in Solder, or changed to reflect that Solder is now responsible for this.

        Missing Pieces
            # anything from org.jboss.seam.security.annotations.permission and org.jboss.seam.security.permission (Identifier, Permission, SecuredView...) is not documented
                (is it supposed to be working yet?)
            # package org.jboss.seam.security.annotations.rememberme (TokenValue, TokenUsername) is not documented (should it be removed?)
            # security events are not documented (all events from org.jboss.seam.security.events except DeferredAuthenticationEvent, which is mentioned in an OpenID example)

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the seam-issues mailing list