[
https://issues.apache.org/jira/browse/JSEC-41?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Les Hazlewood resolved JSEC-41.
-------------------------------
Resolution: Fixed
Fixed. Realm configuration assertion checks are now in the delegate Authorizer
and Authenticator instances as necessary.
> RealmSecurityManager ensureRealms() - remove method and its usage
> -----------------------------------------------------------------
>
> Key: JSEC-41
> URL: https://issues.apache.org/jira/browse/JSEC-41
> Project: JSecurity
> Issue Type: Improvement
> Components: Authentication (log-in), Authorization (access control),
> Realms
> Affects Versions: 1.0
> Reporter: Les Hazlewood
> Assignee: Les Hazlewood
> Fix For: 1.0
>
>
> The RealmSecurityManager.ensureRealms() method and its usages should be
> removed. The underlying delegate Authorizer and/or Authenticator should
> instead perform this check. That method should probably be moved to each of
> the abstract parent classes for the Authorizer and Authenticator interface to
> retain the functionality - just not require it in the SecurityManager
> directly.
> This issue is being raised to resolve the condition when the SecurityManager
> is a client-tier instance that is really a proxy back to a server-side
> instance. The client tier instance does not need any realms because all of
> its calls would be delegated back to the server side one. The ensureRealms()
> check in this case prevents the client-tier instance from being used (or
> requires a hack to override that method to do nothing).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
