roller-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Jencks (JIRA)" <>
Subject [Roller-JIRA] Updated: (ROL-1680) Security proposal
Date Tue, 19 Feb 2008 08:43:08 GMT


David Jencks updated ROL-1680:

    Attachment: ROLLER-1680-1.patch

Code implementing the proposal.  In order to try to minimize whitespace changes I generated
this with

svn diff --diff-cmd /usr/bin/diff -x "-b -u" >ROLLER-1680-1.patch

If it doesn't apply well I can try other ways to generate the patch.

Includes a fair number of javadoc fixes that are not related to the patch but were interfering
with my ability to understand if there was an error in the code.

> Security proposal
> -----------------
>                 Key: ROL-1680
>                 URL:
>             Project: Roller
>          Issue Type: Bug
>          Components: Authentication, Roles and Access Controls
>    Affects Versions: 4.1
>            Reporter: David Jencks
>            Assignee: Roller Unassigned
>         Attachments: ROLLER-1680-1.patch
> Goals here are:
> 1. Separate access control decisions from user/permission administration.
> 1.a. separate permissions from any particular permission storage model
> 1.b. use a jacc-like interface for access control decisions, involving submitting a test
permission to a security service.
> 2. Hide the authentication decisions and how the current user is tracked from the business
> See discussion thread on the dev list.

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators:
For more information on JIRA, see:


View raw message