JACC is not a complete delegation of all policy to an external provider. Its a mechanism for externalization the authorization decision when the container decides this is needed based on the web.xml/ejb-jar.xml security constraints. JBAS-2519 should be a feature request to delegate all authorization decisions. This has to be reconciled with the behavior of the request caller identity methods which have historically simply returned null for unsecured resources.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3939325#3939325 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3939325 ------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ JBoss-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jboss-user
