portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ate Douma <...@douma.nu>
Subject Re: Security DefaultLoginModule.commitSubject() should use Transient Role?
Date Mon, 09 Feb 2009 14:04:03 GMT
Randy Watler wrote:
> Ate/David,
> 
> Just a bookmark email on this question from IRC:
> 
> In DefaultLoginModule.commitSubject() we hack up a persistent RoleImpl 
> to insert into the Subject to indicate the fact that the authenticated 
> users are portal users. Would this be better as a TransientRole instead?
Yes!

> 
> I have already modified the DefaultLoginModule/LoginModuleProxy 
> implementations to be initialized with a RoleManager. From there, I will 
> be able to invoke newRole() or newTransientRole() as you suggest. This 
> is needed since I now have more that one type of role implementation: 
> one for OJB and another for JPA.
+1

Regards,

Ate

> 
> Thanks!
> 
> Randy
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
> For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Mime
View raw message