Toby,
Thank you so much, now I know that I'm not alone in the Universe ;-)
Oleg
On Wednesday 20 December 2000 02:09, Toby Allsopp wrote:
> Makes a lot of sense to me. The trick is to make bad suggestions so
> that people have to convince you of the error of your ways. Then,
> after putting up a small fight, you make the good suggestion and
> then everybody's happy. Or, you could just continue making good
> suggestions and save everybody some time :-)
>
> Toby.
>
> Oleg Nitz wrote:
> > Hey!
> >
> > Is there anybody out there?
> > No objections, no comments, so I'll do the proposed change.
> > Any objections or comments now?
> >
> > :-)
> >
> > Oleg
> >
> > On Tuesday 19 December 2000 02:08, Oleg Nitz wrote:
> > > Hi All,
> > >
> > > Now JBoss security is optional in the following sense:
> > > if client doesn't set Principal, authentication is not
> > > performed. I don't see good reasons for this strange rule.
> > > Does anybody see?
> > > I propose the following rules:
> > > 1) authentication is performed iff the security-manager is set
> > > for the given bean.
> > > 2) it is allowed that security-manager is set, but
> > > role-mapping-manager is not set (now this is not allowed).
> > > In this case:
> > > a) throw illegal access exception iff the set of roles for the
> > > given method is non-empty,
> > > b) isCallerInRole() always returns false
> > >
> > > Any objections or comments?
> > >
> > > Regards,
> > > Oleg
