[jira] [Commented] (TOMEE-1912) Enable JACC for Servlet

["Arjan Tijms (JIRA)" <ji...@apache.org>]

    [ https://issues.apache.org/jira/browse/TOMEE-1912?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16203407#comment-16203407 ] 

Arjan Tijms commented on TOMEE-1912:
------------------------------------

Any updates for this one? With Geronimo having done the web.xml parsing into JACC Permissions before, and TomEE already supporting JACC for EJB, I guess this should be doable?

> Enable JACC for Servlet
> -----------------------
>
>                 Key: TOMEE-1912
>                 URL: https://issues.apache.org/jira/browse/TOMEE-1912
>             Project: TomEE
>          Issue Type: New Feature
>    Affects Versions: 7.0.1
>            Reporter: Arjan Tijms
>              Labels: security
>
> Currently JACC is only enabled for the EJB container in TomEE, but not for the Servlet container. 
> Practically this means that for the EJB container permissions are collected and put into the {{PolicyConfiguration}} and that for access decisions for protected EJB beans the {{Policy}} is called. For the Servlet container neither happens.
> I would like to request to enable JACC for the Servlet container as well.
> As Geronimo implemented this earlier for Tomcat, it may be possible to look at how Geronimo did this (especially the web.xml constraints to {{Permission}} collection transformation is not exactly trivial and would be beneficial if it could be re-used from Geronimo).
> The Tomcat community itself also demonstrated a mild interest in JACC (very small interest perhaps, but it appeared on their roadmap for consideration a couple of times), so perhaps some coordination with Mark is possible.
> See also a discussion about this on the [TomEE mailing list|http://tomee-openejb.979440.n4.nabble.com/How-can-I-enable-JACC-in-TomEE-td4673113.html].



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)