[Jboss-dev-forums] [Design of Security on JBoss] - Re: Mapping Application Roles to Declarative Rol

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

"j2ee_junkie" wrote : 
  | Are you saying that Login Modules really should just authenticate, and not authenticate and authorize?
  | 

Seems like the issue being addressed is who populates the Subject with role information (LoginModule or an Authorization aspect).

Decoupling this function from the LoginModule makes perfect sense.

The LoginModule does not do the actual *authorization enforcement*. That function is actually performed by the different layers in the application like (web,EJB,JACC,some XACL module etc)

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3955962#3955962

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3955962

[Jboss-dev-forums] [Design of Security on JBoss] - Re: Mapping Application Roles to Declarative Rol

[Jboss-dev-forums] [Design of Security on JBoss] - Re: Mapping Application Roles to Declarative Role