[
https://issues.apache.org/jira/browse/TOMEE-1912?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16535889#comment-16535889
]
Romain Manni-Bucau commented on TOMEE-1912:
-------------------------------------------
Nothing AFAIK. No strong request too from userland. Bit feel free to do a pr,
we have the wzb.xml model in mem already so sounds doable even if not requested.
> Enable JACC for Servlet
> -----------------------
>
> Key: TOMEE-1912
> URL: https://issues.apache.org/jira/browse/TOMEE-1912
> Project: TomEE
> Issue Type: New Feature
> Affects Versions: 7.0.1
> Reporter: Arjan Tijms
> Priority: Major
> Labels: security
>
> Currently JACC is only enabled for the EJB container in TomEE, but not for
> the Servlet container.
> Practically this means that for the EJB container permissions are collected
> and put into the {{PolicyConfiguration}} and that for access decisions for
> protected EJB beans the {{Policy}} is called. For the Servlet container
> neither happens.
> I would like to request to enable JACC for the Servlet container as well.
> As Geronimo implemented this earlier for Tomcat, it may be possible to look
> at how Geronimo did this (especially the web.xml constraints to
> {{Permission}} collection transformation is not exactly trivial and would be
> beneficial if it could be re-used from Geronimo).
> The Tomcat community itself also demonstrated a mild interest in JACC (very
> small interest perhaps, but it appeared on their roadmap for consideration a
> couple of times), so perhaps some coordination with Mark is possible.
> See also a discussion about this on the [TomEE mailing
> list|http://tomee-openejb.979440.n4.nabble.com/How-can-I-enable-JACC-in-TomEE-td4673113.html].
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
