This topic describes how the default security manager changed in
the 1.4 release.
Prior to the Discovery Framework 1.4, the default security manager had
the following features:
- It applied filters for any
role to which the user was directly assigned.
- It checked the user's
directly-assigned roles on every request. If the roles were changed, the
security manager would use the new roles.
Starting with version 1.4, the default security manager has the
following changes:
- It applies filters for any
role to which the user is directly assigned, as well as any role assigned to a
user group to which the user is assigned. In other words, the Discovery
Framework now supports both
user:role and
user:group:role.
- For performance reasons, it
no longer checks roles on every request. The user must log out and log in, or
the server must be restarted, in order for role changes to take effect.