View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3820545#3820545


A question that arises from answering a secured ejb question. Within the pojo that has 
security interceptors associated with its methods:

public class pojo
{
   public void method1()
   {
      this.method2(); // <--- Is this a secured call?
   }

   public void method2()
   {
   }
}

In more detail a use case:

public class pojo
{
   public void method1(String username, char[] password)
   {
      // Set a new security identity based on the arguments
      // This should really be a context sensitive aspect
      establish_a_new_security_identity(username, password);

      // A coupled context sensitive aspect needs to use the security interceptor here
      method2();
   }

   public void method2()
   {
   }
}

The corresponding question in the ejb security context was that a user has to do a jaas 
login within a session bean method, and then depending on whether or not the calls to 
itself should be secured based on the new identity, he would have to use the session 
proxy, or this to invoke the calls. When using the session proxy the call would be 
subject to the security interceptor, using this would bypass the check.



If the pojo was to remain independent of container contracts and APIs (unlike the ejb 
spec), context sensitive aspects would be required. In one deployment of this 2 method 
pojo, the invocation of method2 from method1 is an implementation detail that should 
be allowed, and ideally would not incur the overhead of having to go out through the 
container. In another deployment invocation of method2 from method1 should be 
validating the caller's security context. This is neither a class nor instance level 
aspect as I'm saying a given collection of instances (associated with a pojo 
container) have a different context sensitive security interceptor.






_______________________________________________
JBoss-Development mailing list
https://lists.sourceforge.net/lists/listinfo/jboss-development
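The self-invocation behaviour described in the post, as an added example that is not part of the original message or JBoss code. A JDK dynamic proxy stands in for the container's security interceptor; the names Service, self, identity and checked, and the "only admin may call method2" policy, are assumptions made for the demonstration.

```java
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Proxy;
import java.util.ArrayList;
import java.util.List;

public class SelfInvocationDemo {
    interface Service {
        void method1(String username, boolean viaProxy);
        void method2();
    }

    // Constructed stand-ins: the caller identity and a log of calls the interceptor checked.
    static final ThreadLocal<String> identity = new ThreadLocal<>();
    static final List<String> checked = new ArrayList<>();

    static class Pojo implements Service {
        Service self; // reference to the proxy, analogous to the EJB session proxy
        public void method1(String username, boolean viaProxy) {
            identity.set(username);       // "establish a new security identity"
            if (viaProxy) self.method2(); // goes out through the interceptor
            else this.method2();          // plain Java call; the interceptor never sees it
        }
        public void method2() { }
    }

    static Service secure(Pojo target) {
        InvocationHandler h = (proxy, method, args) -> {
            checked.add(method.getName() + " as " + identity.get());
            // Assumed policy for the demo: only "admin" may invoke method2.
            if (method.getName().equals("method2") && !"admin".equals(identity.get()))
                throw new SecurityException("method2 denied for " + identity.get());
            try { return method.invoke(target, args); }
            catch (InvocationTargetException e) { throw e.getCause(); }
        };
        target.self = (Service) Proxy.newProxyInstance(
            Service.class.getClassLoader(), new Class<?>[] { Service.class }, h);
        return target.self;
    }
    public static void main(String[] args) {
        Service s = secure(new Pojo());
        identity.set("admin");
        s.method1("guest", false); // this.method2(): runs unchecked under the new identity
        System.out.println("via this:  " + checked);
        checked.clear();
        identity.set("admin");
        try { s.method1("guest", true); } // self.method2(): the interceptor rejects guest
        catch (SecurityException e) { System.out.println("via proxy: " + checked + " -> " + e); }
    }
}
```

In the first call the interceptor log contains only method1, so method2 ran under the switched identity without any check; in the second call method2 appears in the log and is denied.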
