Experts,
The Servlet spec has added support for the "**" role as follows:
"If the role-name of the security-role to be tested is “**”, and the
application has NOT declared an application security-role with role-name
“**”, isUserInRole must only return true if the user has been
authenticated".
If an application declares the role "**", the declaration and role
mapping will take precedence.
Let me know if you see a problem with adding the same to the EJB spec.
thanks,
-marina
-------- Original Message --------
Subject: [ejb-spec issues] [JIRA] Created: (EJB_SPEC-94) support any
authenticated user role, **, in method permissions and in isCallerInRole
Date: Tue, 26 Feb 2013 03:41:53 +0000 (GMT+00:00)
From: monzillo (JIRA) <jira-no-reply_at_java.net>
Reply-To: issues_at_ejb-spec.java.net
To: issues_at_ejb-spec.java.net
support any authenticated user role, **, in method permissions and in isCallerInRole
------------------------------------------------------------------------------------
Key: EJB_SPEC-94
URL: http://java.net/jira/browse/EJB_SPEC-94
Project: ejb-spec
Issue Type: New Feature
Reporter: monzillo
The following spec additions may be sufficient to support this new feature:
a. amend the description of the isCallerInRole (to say what it means to use ** with this method)
b. amend the description of security roles, to introduce this new architected role, **, to say what it means,
and to say something about how an application declared role with the same name would take precedence.
c. amend the description of p-2-role mapping, to say how this role must be mapped to every authenticated user.
d. and perhaps add something to the description of security-role-refs, to indicate if use of this role in isCallerInRole
should be declared
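The precedence rule quoted above, modelled as an added example (not code from the Servlet or EJB specifications or from any container). The class, its fields and the sample users are hypothetical, and a `null` caller stands for an unauthenticated request.

```java
import java.util.Map;
import java.util.Set;

// Hypothetical model of a container-side role check; names are illustrative only.
public class AnyAuthenticatedRoleDemo {
    static final String ANY_AUTHENTICATED = "**";

    private final Set<String> declaredRoles;            // roles the application declares
    private final Map<String, Set<String>> roleToUsers; // role mapping (constructed sample data)

    AnyAuthenticatedRoleDemo(Set<String> declaredRoles, Map<String, Set<String>> roleToUsers) {
        this.declaredRoles = declaredRoles;
        this.roleToUsers = roleToUsers;
    }

    // caller == null models an unauthenticated request.
    boolean isCallerInRole(String caller, String role) {
        // "**" tested and NOT declared by the application:
        // true only if the caller has been authenticated.
        if (ANY_AUTHENTICATED.equals(role) && !declaredRoles.contains(ANY_AUTHENTICATED)) {
            return caller != null;
        }
        // Otherwise (including an application-declared "**") the declaration
        // and role mapping decide. The null guard also avoids the
        // NullPointerException that immutable sets throw on contains(null).
        return caller != null && roleToUsers.getOrDefault(role, Set.of()).contains(caller);
    }

    public static void main(String[] args) {
        // Application 1 does not declare "**": any authenticated caller matches.
        AnyAuthenticatedRoleDemo undeclared = new AnyAuthenticatedRoleDemo(
                Set.of("admin"), Map.of("admin", Set.of("alice")));
        // Application 2 declares "**" as an ordinary role mapped only to alice.
        AnyAuthenticatedRoleDemo declared = new AnyAuthenticatedRoleDemo(
                Set.of("admin", "**"), Map.of("admin", Set.of("alice"), "**", Set.of("alice")));

        String[] callers = {"alice", "bob", null};
        for (String caller : callers) {
            System.out.printf("caller=%s undeclared=%b declared=%b%n",
                    caller,
                    undeclared.isCallerInRole(caller, ANY_AUTHENTICATED),
                    declared.isCallerInRole(caller, ANY_AUTHENTICATED));
        }
    }
}
```

The second application shows why the precedence rule matters for access reviews: once `**` is declared, an authenticated caller outside the mapping no longer matches it.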