Makes a lot of sense to me. The trick is to make bad suggestions so that
people have to convince you of the error of your ways. Then, after
putting up a small fight, you make the good suggestion and then
everybody's happy. Or, you could just continue making good suggestions
and save everybody some time :-)

Toby.

Oleg Nitz wrote:
>
> Hey!
>
> Is there anybody out there?
> No objections, no comments, so I'll do the proposed change.
> Any objections or comments now?
> :-)
>
> Oleg
>
> On Tuesday 19 December 2000 02:08, Oleg Nitz wrote:
> > Hi All,
> >
> > Now JBoss security is optional in the following sense:
> > if client doesn't set Principal, authentication is not performed.
> > I don't see good reasons for this strange rule.
> > Does anybody see?
> > I propose the following rules:
> > 1) authentication is performed iff the security-manager is set for
> > the given bean.
> > 2) it is allowed that security-manager is set, but
> > role-mapping-manager is not set (now this is not allowed).
> > In this case:
> > a) throw illegal access exception iff the set of roles for the
> > given method is non-empty,
> > b) isCallerInRole() always returns false
> >
> > Any objections or comments?
> >
> > Regards,
> > Oleg
--
Toby Allsopp
Energy Research Lab
Peace Software International Ltd
Ph +64-9-3730400
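
The rules proposed in the quoted message, next to the current rule it replaces, modelled as an added Java example that is not part of the original e-mail and is not JBoss code. `Authenticator`, `RoleMapper` and all method names are hypothetical, `SecurityException` stands in for the illegal access exception, and treating an empty role set as unrestricted when a role-mapping-manager is set is an assumption.

```java
import java.security.Principal;
import java.util.Collections;
import java.util.Set;

// Hypothetical model of the rules in this thread; none of these types are JBoss classes.
public class ProposedSecurityCheck {
    interface Authenticator { boolean isValid(Principal p, Object credential); }
    interface RoleMapper { boolean hasAnyRole(Principal p, Set<String> roles); }

    private final Authenticator securityManager; // null: bean has no security-manager
    private final RoleMapper roleMappingManager;  // null is permitted by rule 2
    ProposedSecurityCheck(Authenticator sm, RoleMapper rm) { securityManager = sm; roleMappingManager = rm; }

    // Current rule as described: no Principal from the client means no authentication.
    boolean currentRuleAllows(Principal p, Object credential) {
        if (p == null) return true; // the caller decides whether it gets checked
        return securityManager == null || securityManager.isValid(p, credential); // assumed
    }

    // Proposed rules 1 and 2a.
    void checkProposed(Principal p, Object credential, Set<String> methodRoles) {
        if (securityManager == null) return; // rule 1: no security-manager, no authentication
        if (!securityManager.isValid(p, credential))
            throw new SecurityException("authentication failed");
        if (methodRoles.isEmpty()) return; // rule 2a for a null mapper; assumed for a set one
        if (roleMappingManager == null || !roleMappingManager.hasAnyRole(p, methodRoles))
            throw new SecurityException("illegal access"); // rule 2a when the mapper is null
    }

    // Rule 2b: without a role-mapping-manager the answer is always false.
    boolean isCallerInRole(Principal p, String role) {
        return roleMappingManager != null
            && roleMappingManager.hasAnyRole(p, Collections.singleton(role));
    }

    public static void main(String[] args) {
        Authenticator auth = (p, c) -> p != null && "secret".equals(c); // constructed check
        ProposedSecurityCheck bean = new ProposedSecurityCheck(auth, null);
        System.out.println("current, no Principal -> allowed: " + bean.currentRuleAllows(null, null));
        try {
            bean.checkProposed(null, null, Collections.<String>emptySet());
        } catch (SecurityException e) {
            System.out.println("proposed, no Principal -> " + e.getMessage());
        }
        Principal alice = () -> "alice"; // constructed caller
        bean.checkProposed(alice, "secret", Collections.<String>emptySet()); // passes: no roles listed
        System.out.println("isCallerInRole: " + bean.isCallerInRole(alice, "admin"));
    }
}
```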