From: <sco...@jb...> - 2006-07-06 17:55:40

"soh...@jb..." wrote : "j2ee_junkie" wrote :
| | Are you saying that Login Modules really should just authenticate, and not authenticate and authorize?
| |
| | Seems like the issue being addressed is who populates the Subject with role information (LoginModule or an Authorization aspect).
| | Decoupling this function from the LoginModule makes perfect sense.
| |
| The LoginModule does not do the actual *authorization enforcement*. That function is actually performed by the different layers in the application like (web, EJB, JACC, some XACL module, etc.)

Yes, and instead of just a Subject representing the security context, we should have a security context that contains a Subject, trust domain info, authorization info/pointers, etc. to allow better integration/reuse of authorization aspects.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3955965#3955965