[
https://issues.apache.org/jira/browse/FC-265?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16794267#comment-16794267
]
Shawn McKinney commented on FC-265:
-----------------------------------
Changing the way Apache Fortress Rest accepts credentials for ARBAC02 checks.
Now it will accept the session from the container, produced by Apache Fortress
Realm and serialized via the java.security.principal. The rest runtime will
deserialize that principal into a a core rbac session using api on the Apache
Fortress realm:
```
// Get the security principal from the runtime.
String szPrincipal = httpRequest.getUserPrincipal().toString();
// This has to happen before it can be used by Fortress.
fortress.core.model.Session realmSession =
j2eePolicyMgr.deserialize(szPrincipal);
```
> Delegated Administration Enhancements to Apache Fortress REST
> -------------------------------------------------------------
>
> Key: FC-265
> URL: https://issues.apache.org/jira/browse/FC-265
> Project: FORTRESS
> Issue Type: Improvement
> Affects Versions: 2.0.3
> Reporter: Shawn McKinney
> Assignee: Shawn McKinney
> Priority: Major
> Fix For: 2.0.4
>
>
> Described here:
> http://mail-archives.apache.org/mod_mbox/directory-fortress/201903.mbox/%[email protected]%3e
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
