users@jms-spec.java.net

[jms-spec users] Re: Security alignment of JMS

From: Nigel Deakin <nigel.deakin_at_oracle.com>
Date: Mon, 18 May 2015 11:00:57 +0100

Leonardo,

On 16/05/2015 21:46, pangalz_at_gmail.com wrote:
> In JavaEE 7 we have some security problems with MDB JMS listeners.
>
> JMS doesn't have a simple way to propagate the security
> context, so in the MDB listener the user principal is "anonymous".
>
> Currently we can append security credentials with the message and login
> again, but it's a big security hole.
>
> Although we can work around these issues with interceptors and
> vendor-specific security managers, it's a common use case for JavaEE
> applications and an important requirement for cloud/SaaS applications.
>
> I've created an open-source library to work around these problems in
> JBoss/WildFly.
> It's called "JBoss Security Extended" and is available on Maven Central
> with GAV "com.github.panga:jboss-security-extended:1.0.0".
>
> Library source and docs:
> https://github.com/panga/jboss-security-extended
>
> What do you guys think?
>
> Best Regards,
> Leonardo Zanivan

I looked at the page you mentioned above, and it's not clear to me what you are suggesting. Would you like to follow up
your message with a summary of what you are proposing? I'd be happy to discuss it.

Nigel