Concentrate spec security setup for webapps into one class. Consider not using
excluded permissions
---------------------------------------------------------------------------------------------------
Key: GERONIMO-3964
URL: https://issues.apache.org/jira/browse/GERONIMO-3964
Project: Geronimo
Issue Type: Improvement
Security Level: public (Regular issues)
Components: security
Affects Versions: 2.2
Reporter: David Jencks
Assignee: David Jencks
Fix For: 2.2
The security building code is a bit spread out between the jetty/tomcat web
module builders, the parent AbstractWebModuleBuilder, and some classes in
geronimo-security.
(1) reorganize this so it's easier to understand with all the code in a single
package in the abstract web module builder module. Also, only use one call to
do all the building.
(2) Theoretically, excluded permissions are a bit weird... why not simply not
hand out those permissions in the first place? After the reorganization I'm
planning to investigate how plausible this is. No excluded permissions fit
better into a standard RBAC framework and are much easier to think about IMO.