cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Christian Schneider (JIRA)" <>
Subject [jira] Commented: (CXF-3322) Introduce the extended SecurityContext interface
Date Wed, 09 Feb 2011 23:12:57 GMT


Christian Schneider commented on CXF-3322:

Hi Sergey,

I propose to express roles simply as String. That should be enough for most contexts. I think
roles should not be of type Principal.
So I propose to add Set<String> getRoles() to SecurityContext are to interface that
implements SecurityContext. 

Additionally we could have a JaasLoginContext implements the above and also has Subject getSubject().
What do you think?


> Introduce the extended SecurityContext interface
> ------------------------------------------------
>                 Key: CXF-3322
>                 URL:
>             Project: CXF
>          Issue Type: Improvement
>          Components: Core
>    Affects Versions: 2.3.2
>            Reporter: Sergey Beryozkin
>             Fix For: 2.4, 2.3.3
> As discussed with Christian, it would be handy to have an access to the list of roles
and possibly Subject representing a current authenticated Principal. That will be useful for
the advanced context propagation cases work better.
> CXF SecurityContexts can optionally implement it and then CXF interceptors sitting after
JAASLoginInterceptor or WS-Security related authorization interceptors can get the list of
roles or the Subject and wrap into Spring Security contexts, etc, etc

This message is automatically generated by JIRA.
For more information on JIRA, see:


View raw message