From: "David Jencks (JIRA)"
To: dev@geronimo.apache.org
Date: Thu, 17 Apr 2008 16:01:22 -0700 (PDT)
Subject: [jira] Commented: (GERONIMO-3964) Concentrate spec security setup for webapps into one class. Consider not using excluded permissions
Message-ID: <1743141835.1208473282082.JavaMail.jira@brutus>
In-Reply-To: <1367194304.1208468601492.JavaMail.jira@brutus>

    [ https://issues.apache.org/jira/browse/GERONIMO-3964?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12590233#action_12590233 ]

David Jencks commented on GERONIMO-3964:
----------------------------------------

Reorganization done in rev 649325

> Concentrate spec security setup for webapps into one class. Consider not using excluded permissions
> ---------------------------------------------------------------------------------------------------
>
>                 Key: GERONIMO-3964
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-3964
>             Project: Geronimo
>          Issue Type: Improvement
>      Security Level: public (Regular issues)
>          Components: security
>    Affects Versions: 2.2
>            Reporter: David Jencks
>            Assignee: David Jencks
>             Fix For: 2.2
>
>
> The security building code is a bit spread out between the jetty/tomcat web module builders, the parent AbstractWebModuleBuilder, and some classes in geronimo-security.
> (1) reorganize this so it's easier to understand with all the code in a single package in the abstract web module builder module. Also, only use one call to do all the building.
> (2) Theoretically, excluded permissions are a bit weird.... why not simply not hand out those permissions in the first place? After the reorganization I'm planning to investigate how plausible this is. No excluded permissions fit better into a standard rbac framework and are much easier to think about IMO.