geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ivan <>
Subject Enable Declartive Security in Jetty ?
Date Fri, 17 Sep 2010 07:44:11 GMT
    While looking at some Servlet Security JIRAs, I begun some code
refactors on the SpecSecurityBuilder, including :
    a. Add more Info class for the security configurations, and serialize
those in the .ser file, with them, it would avoid the xml parsing on the
startup time and make the codes look simple
    b. Use ServletContext more in the SpecSecurityBuilder, as it is more
helpful for some calculations, such as get the mapping urls for the target

    To make these functions work, especially the option b. it requires to
enable declarative security in Jetty integration, generally speaking, will
adopt the same way as Tomcat integration does,
    a. create a Wrapper class for ServletContextHandler.Context class, so
that we could monitor those new added dynamic servlets. One thing might be
care is that the codes need to distinguish the servlets from web.xml, as
they are also added by ServletContext now in Jetty.
    b. Add a EventListener to ServletContextHandler, it will be resposible
for the security calculation and fill it into

    Thoughts ?
     To David. I found you did some code changes for Jetty now, and wonder
whether you have bugun some simliar work ?
     Thanks !

View raw message