[ https://issues.apache.org/jira/browse/GERONIMO-3964?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Jencks closed GERONIMO-3964.
----------------------------------
Resolution: Fixed
Trunk has been without excluded permissions for some time and no problems have
surfaced.
> Concentrate spec security setup for webapps into one class. Consider not
> using excluded permissions
> ---------------------------------------------------------------------------------------------------
>
> Key: GERONIMO-3964
> URL: https://issues.apache.org/jira/browse/GERONIMO-3964
> Project: Geronimo
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: security
> Affects Versions: 2.2
> Reporter: David Jencks
> Assignee: David Jencks
> Fix For: 2.2
>
>
> The security building code is a bit spread out between the jetty/tomcat web
> module builders, the parent AbstractWebModuleBuilder, and some classes in
> geronimo-security.
> (1) reorganize this so it's easier to understand with all the code in a single
> package in the abstract web module builder module. Also, only use one call
> to do all the building.
> (2) Theoretically, excluded permissions are a bit weird.... why not simply
> not hand out those permissions in the first place? After the reorganization
> I'm planning to investigate how plausible this is. No excluded permissions
> fit better into a standard RBAC framework and are much easier to think about
> IMO.