[Jboss-dev-forums] [Design of Security on JBoss] - Re: Mapping Application Roles to Declarative Rol

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

"sco...@jb..." wrote :  
  | Yes, and instead of just a Subject representing the security context, we should have a security context that contains a Subject, trust domain info, authorization info/pointers, etc to allow better integratin/reuse of authorization aspects.
  | 

We can do the cleaning up of the security context clean up in the time frame of JBoss 5.0.0.GA (50%) or 5.0.1 (100%). 

I am wondering how difficult will it be for those users who have customized JBoss security or have had deeper integration, because keeping the overloaded subject with the roles/calleridentity/runasidentity logic after the cleanup, for backward compatibility, will be a nightmare in terms of manageability/complexity.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3956625#3956625

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3956625

[Jboss-dev-forums] [Design of Security on JBoss] - Re: Mapping Application Roles to Declarative Rol

[Jboss-dev-forums] [Design of Security on JBoss] - Re: Mapping Application Roles to Declarative Role