Re: [securityfilter-devel] Early authorization in sf
From: Christopher S. <ch...@ch...> - 2008-06-12 13:02:22
All,

Christopher Schultz wrote:
| So, "early authorization" is, in fact, not early at all (I had been
| using a method that is called before the authentication to determine if
| the request is authorized before any additional processing occurs).
| Thus, all authorization may be performed /after/ authentication.

I just realized that some stuff needs to be performed early:

- transport-guarantee check
- short-circuit of "no roles" checking for a security-constraint
  (auto-constraint with no defined roles => forbidden)

Unless one of those things occurs, processing will continue with
authentication.

Thanks,
-chris
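The ordering described in the message above, as an added example that is not part of the original post and is not SecurityFilter's own code. `EarlyChecks`, `Constraint`, `Outcome` and `decide` are hypothetical names, and the constraint is modelled as a plain record rather than parsed from a deployment descriptor.

```java
import java.util.Set;

public class EarlyChecks {
    enum Outcome { INSECURE_TRANSPORT, FORBIDDEN, NEEDS_LOGIN, ALLOWED }

    // Hypothetical stand-in for the security-constraint matched by a request.
    //   roles == null    : no auth-constraint, so no authentication is required
    //   roles.isEmpty()  : auth-constraint with no roles, so nobody may access
    record Constraint(boolean confidential, Set<String> roles) {}

    // userRoles == null means the caller has not authenticated yet.
    static Outcome decide(Constraint c, boolean secure, Set<String> userRoles) {
        if (c == null) return Outcome.ALLOWED; // unconstrained resource

        // Early check 1: transport guarantee, evaluated before any
        // credentials are requested over the current connection.
        if (c.confidential() && !secure) return Outcome.INSECURE_TRANSPORT;

        // Early check 2: a constraint with an empty role list is forbidden
        // for everyone, so authenticating first would accomplish nothing.
        if (c.roles() != null && c.roles().isEmpty()) return Outcome.FORBIDDEN;

        if (c.roles() == null) return Outcome.ALLOWED;

        // Neither early check fired: processing continues with authentication.
        if (userRoles == null) return Outcome.NEEDS_LOGIN;

        // Role-based authorization, performed after authentication.
        for (String role : c.roles()) {
            if (userRoles.contains(role)) return Outcome.ALLOWED;
        }
        return Outcome.FORBIDDEN;
    }

    public static void main(String[] args) {
        // Constructed sample constraints and callers.
        Constraint admin = new Constraint(true, Set.of("admin"));
        Constraint locked = new Constraint(false, Set.of());

        System.out.println(decide(admin, false, null));             // plain HTTP, anonymous
        System.out.println(decide(locked, true, Set.of("admin")));  // empty role list
        System.out.println(decide(admin, true, null));              // HTTPS, anonymous
        System.out.println(decide(admin, true, Set.of("user")));    // wrong role
        System.out.println(decide(admin, true, Set.of("admin")));   // matching role
    }
}
```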