portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Watler <wat...@wispertel.net>
Subject Security DefaultLoginModule.commitSubject() should use Transient Role?
Date Mon, 09 Feb 2009 09:49:44 GMT

Just a bookmark email on this question from IRC:

In DefaultLoginModule.commitSubject() we hack up a persistent RoleImpl 
to insert into the Subject to indicate the fact that the authenticated 
users are portal users. Would this be better as a TransientRole instead?

I have already modified the DefaultLoginModule/LoginModuleProxy 
implementations to be initialized with a RoleManager. From there, I will 
be able to invoke newRole() or newTransientRole() as you suggest. This 
is needed since I now have more that one type of role implementation: 
one for OJB and another for JPA.



To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org

View raw message