On Sep 17, 2010, at 12:44 AM, Ivan wrote:

> Hi,
> While looking at some Servlet Security JIRAs, I began some code refactors
> on the SpecSecurityBuilder, including :
> a. Add more Info class for the security configurations, and serialize
> those in the .ser file, with them, it would avoid the xml parsing on the
> startup time and make the codes look simple

excellent idea!

> b. Use ServletContext more in the SpecSecurityBuilder, as it is more
> helpful for some calculations, such as get the mapping urls for the target
> servlet.

I'm not sure what you mean here, but I haven't looked closely at SpecSecurityBuilder. Could you be more specific?

>
> To make these functions work, especially the option b. it requires to
> enable declarative security in Jetty integration, generally speaking, will
> adopt the same way as Tomcat integration does,
> a. create a Wrapper class for ServletContextHandler.Context class, so
> that we could monitor those new added dynamic servlets. One thing might be
> care is that the codes need to distinguish the servlets from web.xml, as they
> are also added by ServletContext now in Jetty.
> b. Add an EventListener to ServletContextHandler, it will be responsible
> for the security calculation and fill it into
> ApplicationPolicyConfigurationManager.
>

I think you mean "declarative security for servlets added by the addServlet methods on ServletContext"? Jetty will want to deal with that too, so I think putting something in the jetty code that calls out to a security builder of some kind (we can install our own) is the best plan here. Then we shouldn't need more wrapping. Maybe I don't understand exactly what you mean? What would the event listener do?

> Thoughts ?
> To David. I found you did some code changes for Jetty now, and wonder
> whether you have begun some similar work ?

I was thinking about doing something like this but haven't started anything. I did look a little bit into configuring tomcat using the info tree rather than letting tomcat read the web.xml. I've found a bunch of tomcat problems and spec inconsistencies. I haven't gotten to security configuration yet.

thanks
david jencks

> Thanks !
> --
> Ivan
