You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Christian Schneider (JIRA)" <ji...@apache.org> on 2011/02/10 00:12:57 UTC
[jira] Commented: (CXF-3322) Introduce the extended SecurityContext
interface
[ https://issues.apache.org/jira/browse/CXF-3322?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12992782#comment-12992782 ]
Christian Schneider commented on CXF-3322:
------------------------------------------
Hi Sergey,
I propose to express roles simply as String. That should be enough for most contexts. I think roles should not be of type Principal.
So I propose to add Set<String> getRoles() to SecurityContext are to interface that implements SecurityContext.
Additionally we could have a JaasLoginContext implements the above and also has Subject getSubject().
What do you think?
Christian
> Introduce the extended SecurityContext interface
> ------------------------------------------------
>
> Key: CXF-3322
> URL: https://issues.apache.org/jira/browse/CXF-3322
> Project: CXF
> Issue Type: Improvement
> Components: Core
> Affects Versions: 2.3.2
> Reporter: Sergey Beryozkin
> Fix For: 2.4, 2.3.3
>
>
> As discussed with Christian, it would be handy to have an access to the list of roles and possibly Subject representing a current authenticated Principal. That will be useful for the advanced context propagation cases work better.
> CXF SecurityContexts can optionally implement it and then CXF interceptors sitting after JAASLoginInterceptor or WS-Security related authorization interceptors can get the list of roles or the Subject and wrap into Spring Security contexts, etc, etc
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira