RealmSecurityManager ensureRealms() - remove method and its usage
-----------------------------------------------------------------
Key: JSEC-41
URL: https://issues.apache.org/jira/browse/JSEC-41
Project: JSecurity
Issue Type: Improvement
Components: Authentication (log-in), Authorization (access control),
Realms
Affects Versions: 1.0
Reporter: Les Hazlewood
Assignee: Les Hazlewood
Fix For: 1.0
The RealmSecurityManager.ensureRealms() method and its usages should be
removed. The underlying delegate Authorizer and/or Authenticator should
instead perform this check. That method should probably be moved to each of
the abstract parent classes for the Authorizer and Authenticator interface to
retain the functionality - just not require it in the SecurityManager directly.
This issue is being raised to resolve the condition when the SecurityManager is
a client-tier instance that is really a proxy back to a server-side instance.
The client tier instance does not need any realms because all of its calls
would be delegated back to the server side one. The ensureRealms() check in
this case prevents the client-tier instance from being used (or requires a hack
to override that method to do nothing).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
