You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by "Les Hazlewood (JIRA)" <ji...@apache.org> on 2009/01/11 08:47:59 UTC
[jira] Resolved: (JSEC-41) RealmSecurityManager ensureRealms() -
remove method and its usage
[ https://issues.apache.org/jira/browse/JSEC-41?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Les Hazlewood resolved JSEC-41.
-------------------------------
Resolution: Fixed
Fixed. Realm configuration assertion checks are now in the delegate Authorizer and Authenticator instances as necessary.
> RealmSecurityManager ensureRealms() - remove method and its usage
> -----------------------------------------------------------------
>
> Key: JSEC-41
> URL: https://issues.apache.org/jira/browse/JSEC-41
> Project: JSecurity
> Issue Type: Improvement
> Components: Authentication (log-in), Authorization (access control), Realms
> Affects Versions: 1.0
> Reporter: Les Hazlewood
> Assignee: Les Hazlewood
> Fix For: 1.0
>
>
> The RealmSecurityManager.ensureRealms() method and its usages should be removed. The underlying delegate Authorizer and/or Authenticator should instead perform this check. That method should probably be moved to each of the abstract parent classes for the Authorizer and Authenticator interface to retain the functionality - just not require it in the SecurityManager directly.
> This issue is being raised to resolve the condition when the SecurityManager is a client-tier instance that is really a proxy back to a server-side instance. The client tier instance does not need any realms because all of its calls would be delegated back to the server side one. The ensureRealms() check in this case prevents the client-tier instance from being used (or requires a hack to override that method to do nothing).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.