Thanks for the explanation. The idea for the security framework is that, the declarative security model is static, and it's very hard to do dynamic access control management. For example, say I have a content management app, which I want to hook to an external acess manager. Let say I can define my security policies in the access manager and apply them to my content management app.
When I change my policies, I want them to apply in real-time. I don't want to have to stop my jboss server, reconfigure a bunch of deployment descriptors, re-deploy, etc. This should be so dynamic and it's transparent. Maybe I'm in the wrong direction here, but I'm trying to prototype some interceptor that I can apply to any access request to any of my resources (in my content mgmt app). So the request will be security-checked first to see if the user has permission to that resource. I'm diving into the source code of Tomcat and JBoss to see if there is anywhere I can place a hook in, which gives me some clean way to intercept everything. thks View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3851731#3851731 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3851731 ------------------------------------------------------- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl _______________________________________________ JBoss-Development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development