[jira] [Commented] (QPID-5567) [Java Broker] Remove SecurityManager "CurrentSubject" thread local, and always use the subject from the current AccessControlContext

Rob Godfrey (JIRA) Mon, 03 Mar 2014 11:12:48 -0800

    [ 
https://issues.apache.org/jira/browse/QPID-5567?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13918444#comment-13918444
 ]


Rob Godfrey commented on QPID-5567:
-----------------------------------

Updated to address Robbie's comments

> [Java Broker] Remove SecurityManager "CurrentSubject" thread local, and 
> always use the subject from the current AccessControlContext
> ------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: QPID-5567
>                 URL: https://issues.apache.org/jira/browse/QPID-5567
>             Project: Qpid
>          Issue Type: Improvement
>          Components: Java Broker
>            Reporter: Rob Godfrey
>            Assignee: Rob Godfrey
>             Fix For: 0.27
>
>
> Rather than invent our own security context, we should use the one Java 
> provides.
> Moreover since we perform security checks based on the Connection and Session 
> of the user, we should add these as "Principals" of the current subject.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Commented] (QPID-5567) [Java Broker] Remove SecurityManager "CurrentSubject" thread local, and always use the subject from the current AccessControlContext

Reply via email to