You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by "Les Hazlewood (JIRA)" <ji...@apache.org> on 2008/12/30 17:26:44 UTC
[jira] Created: (JSEC-41) RealmSecurityManager ensureRealms() -
remove method and its usage
RealmSecurityManager ensureRealms() - remove method and its usage
-----------------------------------------------------------------
Key: JSEC-41
URL: https://issues.apache.org/jira/browse/JSEC-41
Project: JSecurity
Issue Type: Improvement
Components: Authentication (log-in), Authorization (access control), Realms
Affects Versions: 1.0
Reporter: Les Hazlewood
Assignee: Les Hazlewood
Fix For: 1.0
The RealmSecurityManager.ensureRealms() method and its usages should be removed. The underlying delegate Authorizer and/or Authenticator should instead perform this check. That method should probably be moved to each of the abstract parent classes for the Authorizer and Authenticator interface to retain the functionality - just not require it in the SecurityManager directly.
This issue is being raised to resolve the condition when the SecurityManager is a client-tier instance that is really a proxy back to a server-side instance. The client tier instance does not need any realms because all of its calls would be delegated back to the server side one. The ensureRealms() check in this case prevents the client-tier instance from being used (or requires a hack to override that method to do nothing).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Moved: (KI-56) RealmSecurityManager ensureRealms() - remove
method and its usage
Posted by "Alan Cabrera (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/KI-56?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alan Cabrera moved JSEC-41 to KI-56:
------------------------------------
Fix Version/s: (was: 1.0)
Component/s: (was: Realms)
(was: Authorization (access control))
(was: Authentication (log-in))
Affects Version/s: (was: 1.0)
Key: KI-56 (was: JSEC-41)
Project: Ki (was: JSecurity)
> RealmSecurityManager ensureRealms() - remove method and its usage
> -----------------------------------------------------------------
>
> Key: KI-56
> URL: https://issues.apache.org/jira/browse/KI-56
> Project: Ki
> Issue Type: Improvement
> Reporter: Les Hazlewood
> Assignee: Les Hazlewood
>
> The RealmSecurityManager.ensureRealms() method and its usages should be removed. The underlying delegate Authorizer and/or Authenticator should instead perform this check. That method should probably be moved to each of the abstract parent classes for the Authorizer and Authenticator interface to retain the functionality - just not require it in the SecurityManager directly.
> This issue is being raised to resolve the condition when the SecurityManager is a client-tier instance that is really a proxy back to a server-side instance. The client tier instance does not need any realms because all of its calls would be delegated back to the server side one. The ensureRealms() check in this case prevents the client-tier instance from being used (or requires a hack to override that method to do nothing).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (JSEC-41) RealmSecurityManager ensureRealms() -
remove method and its usage
Posted by "Les Hazlewood (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JSEC-41?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Les Hazlewood resolved JSEC-41.
-------------------------------
Resolution: Fixed
Fixed. Realm configuration assertion checks are now in the delegate Authorizer and Authenticator instances as necessary.
> RealmSecurityManager ensureRealms() - remove method and its usage
> -----------------------------------------------------------------
>
> Key: JSEC-41
> URL: https://issues.apache.org/jira/browse/JSEC-41
> Project: JSecurity
> Issue Type: Improvement
> Components: Authentication (log-in), Authorization (access control), Realms
> Affects Versions: 1.0
> Reporter: Les Hazlewood
> Assignee: Les Hazlewood
> Fix For: 1.0
>
>
> The RealmSecurityManager.ensureRealms() method and its usages should be removed. The underlying delegate Authorizer and/or Authenticator should instead perform this check. That method should probably be moved to each of the abstract parent classes for the Authorizer and Authenticator interface to retain the functionality - just not require it in the SecurityManager directly.
> This issue is being raised to resolve the condition when the SecurityManager is a client-tier instance that is really a proxy back to a server-side instance. The client tier instance does not need any realms because all of its calls would be delegated back to the server side one. The ensureRealms() check in this case prevents the client-tier instance from being used (or requires a hack to override that method to do nothing).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.