Posted to dev@geronimo.apache.org by "David Jencks (JIRA)" <ji...@apache.org> on 2009/02/04 01:51:59 UTC

[jira] Closed: (GERONIMO-3964) Concentrate spec security setup for webapps into one class. Consider not using excluded permissions

     [ https://issues.apache.org/jira/browse/GERONIMO-3964?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Jencks closed GERONIMO-3964.
----------------------------------

    Resolution: Fixed

Trunk has been without excluded permissions for some time and no problems have surfaced.

> Concentrate spec security setup for webapps into one class. Consider not using excluded permissions
> ---------------------------------------------------------------------------------------------------
>
>                 Key: GERONIMO-3964
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-3964
>             Project: Geronimo
>          Issue Type: Improvement
>      Security Level: public(Regular issues) 
>          Components: security
>    Affects Versions: 2.2
>            Reporter: David Jencks
>            Assignee: David Jencks
>             Fix For: 2.2
>
>
> The security building code is a bit spread out between the jetty/tomcat web module builders, the parent AbstractWebModuleBuilder, and some classes in geronimo-security.
> (1) reorganize this so it's easier to understand with all the code in a single package in the abstract web module builder module.  Also, only use one call to do all the building.
> (2) Theoretically, excluded permissions are a bit weird.... why not simply not hand out those permissions in the first place?  After the reorganization I'm planning to investigate how plausible this is.  No excluded permissions fit better into a standard rbac framework and are much easier to think about IMO.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.