No, the current implementation has nothing to do with the base vm security policy other than delegating to it for non-JACC permissions. There is no requirement to run with a security manager and establish the java2 permissions for the application. The allowed permissions are derived from the deployment and user roles assigned to the users via JAAS.
In future implementation the overloading of JAAS to obtain the authorization roles from the athentication step will be removed. It will not be using the vm java2 permisson policy files as the source of the permission assigments though. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3850570#3850570 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3850570 ------------------------------------------------------- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl _______________________________________________ JBoss-Development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development
