You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tomee.apache.org by "Arjan Tijms (JIRA)" <ji...@apache.org> on 2017/10/13 11:29:00 UTC
[jira] [Commented] (TOMEE-1912) Enable JACC for Servlet
[ https://issues.apache.org/jira/browse/TOMEE-1912?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16203407#comment-16203407 ]
Arjan Tijms commented on TOMEE-1912:
------------------------------------
Any updates for this one? With Geronimo having done the web.xml parsing into JACC Permissions before, and TomEE already supporting JACC for EJB, I guess this should be doable?
> Enable JACC for Servlet
> -----------------------
>
> Key: TOMEE-1912
> URL: https://issues.apache.org/jira/browse/TOMEE-1912
> Project: TomEE
> Issue Type: New Feature
> Affects Versions: 7.0.1
> Reporter: Arjan Tijms
> Labels: security
>
> Currently JACC is only enabled for the EJB container in TomEE, but not for the Servlet container.
> Practically this means that for the EJB container permissions are collected and put into the {{PolicyConfiguration}} and that for access decisions for protected EJB beans the {{Policy}} is called. For the Servlet container neither happens.
> I would like to request to enable JACC for the Servlet container as well.
> As Geronimo implemented this earlier for Tomcat, it may be possible to look at how Geronimo did this (especially the web.xml constraints to {{Permission}} collection transformation is not exactly trivial and would be beneficial if it could be re-used from Geronimo).
> The Tomcat community itself also demonstrated a mild interest in JACC (very small interest perhaps, but it appeared on their roadmap for consideration a couple of times), so perhaps some coordination with Mark is possible.
> See also a discussion about this on the [TomEE mailing list|http://tomee-openejb.979440.n4.nabble.com/How-can-I-enable-JACC-in-TomEE-td4673113.html].
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)