Hi Oleg
Having to respond to you via Toby's response as for some reason my reader
claims your original post has funny chars in it and won't show it properly !
Anyway, I think:
> > Now JBoss security is optional in the following sense:
> > if client doesn't set Principal, authentication is not performed.
> > I don't see good reasons for this strange rule.
Wow, didn't realise that. That's a huge security hole ! Plug it, plug it
quick !
> > Does anybody see?
> > I propose the following rules:
> > 1) authentication is performed iff the security-manager is set for
> > the given bean.
Yes.
> > 2) it is allowed that security-manager is set, but
> > role-mapping-manager is not set (now this is not allowed).
Nope. Bad idea. I think the role-mapping-manager should be mandatory.
> > In this case:
> > a) throw illegal access exception iff the set of roles for the
> > given method is non-empty,
> > b) isCallerInRole() always returns false
Possibly you might provide a default role-mapping-manager that does this. I
think this is the neatest way to achieve what you are trying without coding
any special-case code into jBoss (IF <no role-mapping-manager> do this ELSE
do that).
Edward
-----Original Message-----
From: Toby Allsopp [mailto:[EMAIL PROTECTED]]
Sent: 20 December 2000 00:09
To: jBoss Developer
Subject: Re: [jBoss-Dev] Optional Security
Makes a lot of sense to me. The trick is to make bad suggestions so that
people have to convince you of the error of your ways. Then, after
putting up a small fight, you make the good suggestion and then
everybody's happy. Or, you could just continue making good suggestions
and save everybody some time :-)
Toby.
Oleg Nitz wrote:
>
> Hey!
>
> Is there anybody out there?
> No objections, no comments, so I'll do the proposed change.
> Any objections or comments now?
> :-)
>
> Oleg
>
> On Tuesday 19 December 2000 02:08, Oleg Nitz wrote:
> > Hi All,
> >
> > Now JBoss security is optional in the following sense:
> > if client doesn't set Principal, authentication is not performed.
> > I don't see good reasons for this strange rule.
> > Does anybody see?
> > I propose the following rules:
> > 1) authentication is performed iff the security-manager is set for
> > the given bean.
> > 2) it is allowed that security-manager is set, but
> > role-mapping-manager is not set (now this is not allowed).
> > In this case:
> > a) throw illegal access exception iff the set of roles for the
> > given method is non-empty,
> > b) isCallerInRole() always returns false
> >
> > Any objections or comments?
> >
> > Regards,
> > Oleg
--
Toby Allsopp
Energy Research Lab
Peace Software International Ltd
Ph +64-9-3730400
