Re: "Authorization and Security Identity Policy" and JSR250 support

Mon, 07 Jul 2008 07:49:35 -0700 

Luciano,

Is the support for the security annotations complete?  I gave them a try but
ran into a problem.  I see that the policy-security module contains
'skeleton' policy set definitions for the policy sets that are needed to
support the annotations:

    <policySet name="runAs" appliesTo="sca:implementation.java"/>
    <policySet name="allow" appliesTo="sca:implementation.java"/>
    <policySet name="rolesAllowed" appliesTo="sca:implementation.java"/>
    <policySet name="permitAll" appliesTo="sca:implementation.java"/>
    <policySet name="denyAll" appliesTo="sca:implementation.java"/>

JSR250PolicyProcessor constructs the actual policy based on the role names
in the annotation.  It turns off the unresolved flag in the policy model, I
assume in an attempt to bypass resolving the model.  However this does not
appear to work.  During resolve processing, the policy set references are
resolved to the 'skeleton' policy set definitions, causing the policy
content added by the JSR250PolicyProcessor to be lost.

Greg

On Wed, May 28, 2008 at 11:15 PM, Luciano Resende <[EMAIL PROTECTED]>
wrote:

> Support for "Authorization and Security Identity Policy" (rev #661186)
>  is now working, and I have created an iTest (rev #661188) that
> exercise this functionality.
>
> I'm also looking into adding support for JSR250 security annotations,
> basically allowing to define these policies direct into your java
> artifacts.
>
> On Wed, May 28, 2008 at 12:21 AM, Luciano Resende <[EMAIL PROTECTED]>
> wrote:
> > I have started looking at support for "Authorization and Security
> > Identity Policy" and supporting JSR250. Looks like we have the
> > necessary models and some policy definitions.xml available in the
> > policy-security module to support this, but looks like these
> > processors are not hooked up to the overall runtime. Does anybody have
> > more details on this ?
> >
> > --
> > Luciano Resende
> > Apache Tuscany Committer
> > http://people.apache.org/~lresende<http://people.apache.org/%7Elresende>
> > http://lresende.blogspot.com/
> >
>
>
>
> --
> Luciano Resende
> Apache Tuscany Committer
> http://people.apache.org/~lresende <http://people.apache.org/%7Elresende>
> http://lresende.blogspot.com/
>

Reply via email to