jsr345-experts@ejb-spec.java.net

[jsr345-experts] Re: (EJB_SPEC-94) support any authenticated user role, **, in method permissions and in isCallerInRole

From: Marina Vatkina <marina.vatkina_at_oracle.com>
Date: Thu, 07 Mar 2013 19:42:10 -0800

I uploaded the security chapter with the new role added, to the spec
download area:
http://java.net/projects/ejb-spec/downloads/download/security-chapter-changed.pdf

-marina

On 2/27/13 11:01 AM, Marina Vatkina wrote:
> Experts,
>
> The Servlet spec has added support for the "**" role as
>
> "If the role-name of the security-role to be tested is “**”, and the
> application has NOT declared an application security-role with
> role-name “**”, isUserInRole must only return true if the user has
> been authenticated".
>
> If an application declares the role "**", the declaration and role
> mapping will take precedence.
>
> Let me know if you see a problem with adding the same to the EJB spec.
>
> thanks,
> -marina
>
> -------- Original Message --------
> Subject: [ejb-spec issues] [JIRA] Created: (EJB_SPEC-94) support any
> authenticated user role, **, in method permissions and in isCallerInRole
> Date: Tue, 26 Feb 2013 03:41:53 +0000 (GMT+00:00)
> From: monzillo (JIRA) <jira-no-reply_at_java.net>
> Reply-To: issues_at_ejb-spec.java.net
> To: issues_at_ejb-spec.java.net
>
>
>
> support any authenticated user role, **, in method permissions and in isCallerInRole
> ------------------------------------------------------------------------------------
>
> Key: EJB_SPEC-94
> URL: http://java.net/jira/browse/EJB_SPEC-94
> Project: ejb-spec
> Issue Type: New Feature
> Reporter: monzillo
>
>
> The following spec additions may be sufficient to support this new feature:
>
> a. amend the description of the isCallerInRole (to say what it means to use ** with this method)
>
> b. amend the description of security roles, to introduce this new architected role, **, to say what it means,
> and to say something about how an application declared role with the same name would take precedence.
>
> c. amend the description of p-2-role mapping, to say how this role must be mapped to every authenticated user.
>
> d. and perhaps add something to the description of security-role-refs, to indicate if use of this role in isCallerInRole
> should be declared
>
>
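
The "**" semantics proposed in this thread, modelled as an added example that is not part of the original messages and is not EJB container or spec code. The class, the method signature, the principals and the role mapping are constructed for illustration; a null caller stands for an unauthenticated caller.

```java
import java.util.*;

// Added illustration of the proposed "**" semantics; a hypothetical model, not container code.
public class AnyAuthenticatedRoleDemo {
    static final String ANY_AUTHENTICATED = "**";

    // declaredRoles: security-role names declared by the application
    // roleMapping:   principal name -> roles granted by the deployer's mapping
    // caller:        authenticated principal name, or null if unauthenticated
    static boolean isCallerInRole(String role, Set<String> declaredRoles,
                                  Map<String, Set<String>> roleMapping, String caller) {
        // Architected meaning applies only when the application has NOT declared "**" itself.
        if (ANY_AUTHENTICATED.equals(role) && !declaredRoles.contains(ANY_AUTHENTICATED)) {
            return caller != null;
        }
        // Otherwise "**" is an ordinary application role: declaration and mapping take precedence.
        if (caller == null) {
            return false;
        }
        return roleMapping.getOrDefault(caller, Collections.<String>emptySet()).contains(role);
    }

    static void check(boolean condition, String description) {
        if (!condition) {
            throw new IllegalStateException("unexpected result: " + description);
        }
        System.out.println("ok: " + description);
    }

    public static void main(String[] args) {
        // Constructed sample mapping: carol is authenticated but mapped to no role.
        Map<String, Set<String>> mapping = new HashMap<>();
        mapping.put("alice", new HashSet<>(Arrays.asList("admin")));
        mapping.put("bob", new HashSet<>(Arrays.asList("**")));

        Set<String> appA = new HashSet<>(Arrays.asList("admin"));        // does not declare "**"
        Set<String> appB = new HashSet<>(Arrays.asList("admin", "**"));  // declares its own "**"

        check(isCallerInRole("**", appA, mapping, "carol"), "A: any authenticated caller is in **");
        check(!isCallerInRole("**", appA, mapping, null), "A: unauthenticated caller is not in **");
        check(isCallerInRole("admin", appA, mapping, "alice"), "A: ordinary roles still use the mapping");
        check(isCallerInRole("**", appB, mapping, "bob"), "B: bob is mapped to the declared **");
        check(!isCallerInRole("**", appB, mapping, "alice"), "B: authenticated but unmapped is denied");
        check(!isCallerInRole("**", appB, mapping, null), "B: unauthenticated caller is denied");
    }
}
```

The fifth check is the one to note when reviewing access rules: in an application that declares its own "**" role, being authenticated is not enough, so an existing role with that name keeps its narrower meaning.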