[ https://issues.apache.org/jira/browse/TOMEE-1912?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16535889#comment-16535889 ]
Romain Manni-Bucau commented on TOMEE-1912: ------------------------------------------- Nothing AFAIK. No strong request too from userland. Bit feel free to do a pr, we have the wzb.xml model in mem already so sounds doable even if not requested. > Enable JACC for Servlet > ----------------------- > > Key: TOMEE-1912 > URL: https://issues.apache.org/jira/browse/TOMEE-1912 > Project: TomEE > Issue Type: New Feature > Affects Versions: 7.0.1 > Reporter: Arjan Tijms > Priority: Major > Labels: security > > Currently JACC is only enabled for the EJB container in TomEE, but not for > the Servlet container. > Practically this means that for the EJB container permissions are collected > and put into the {{PolicyConfiguration}} and that for access decisions for > protected EJB beans the {{Policy}} is called. For the Servlet container > neither happens. > I would like to request to enable JACC for the Servlet container as well. > As Geronimo implemented this earlier for Tomcat, it may be possible to look > at how Geronimo did this (especially the web.xml constraints to > {{Permission}} collection transformation is not exactly trivial and would be > beneficial if it could be re-used from Geronimo). > The Tomcat community itself also demonstrated a mild interest in JACC (very > small interest perhaps, but it appeared on their roadmap for consideration a > couple of times), so perhaps some coordination with Mark is possible. > See also a discussion about this on the [TomEE mailing > list|http://tomee-openejb.979440.n4.nabble.com/How-can-I-enable-JACC-in-TomEE-td4673113.html]. -- This message was sent by Atlassian JIRA (v7.6.3#76005)