[seam-issues] [JBoss JIRA] (SEAMSECURITY-118) Seam Security documentation issues and comments

Fri, 14 Oct 2011 04:47:41 -0700 

Seam Security documentation issues and comments
-----------------------------------------------

                 Key: SEAMSECURITY-118
                 URL: https://issues.jboss.org/browse/SEAMSECURITY-118
             Project: Seam Security
          Issue Type: Bug
    Affects Versions: 3.1.0.Beta3
            Reporter: Marek Schmidt
             Fix For: 3.1.0.Final


    Security
        1.2.1. Maven Dependencies
             * "<seam.version>3.0.0.Final</seam.version>" should be changed to 
3.1.0.Final
             * "<artifactId>seam-security-impl</artifactId>" is no longer 
valud, should be seam-security (only if the suggested seam version 
"seam.version" is changed to e.g. 3.1.0.Final in the docs)     

        2.3. Which Authenticator will Seam use?
            * "Seam Config" should be something like "Solder XML Config" 
instead, mentioned twice

        3.4.3. Applying the binding to your business methods
            * "Seam Catch" should be something like "Solder Exception Handling" 
instead

        4.2.4. Credential
            * the example of IdentityObjectCredential should probably contain 
annotations on "IdentityObject identityObject;" for clarity (as the getter is 
omitted)
                (e.g. @ManyToOne  @JoinColumn(name = "IDENTITY_OBJECT_ID")

        5.2.2.1. Using OpenID as your only authentication method
            * "Seam Config" should be something like "Solder XML Config" instead
            * "<security:Identity>" should be  "<security:IdentityImpl>"
            * 
"<security:authenticatorClass>org.jboss.seam.security.external.openid.OpenIdAuthenticator</security:authenticator>"
 is invalid XML  (end tag doesn't match)

        5.2.4. Managing the OpenID authentication process
            * "The API described in this section will likely be changed in a 
future version of Seam to allow for easier handling of the OpenID 
authentication lifecycle."
                is this still true? 
            * "The above example assumes that the Seam Servlet module is used 
to allow injection of the ServletContext."
                this note can probably be removed, as Servlet is now in Solder, 
or changed to reflect that Solder is now responsible for this.

        Missing Pieces
            # anything from org.jboss.seam.security.annotations.permission and 
org.jboss.seam.security.permission (Identifier, Permission, SecuredView...) is 
not documented
                (is it supposed to be working yet?)
            # package org.jboss.seam.security.annotations.rememberme 
(TokenValue, TokenUsername) is not documented (should it be removed?)
            # security events are not documented (all events from 
org.jboss.seam.security.events except DeferredAuthenticationEvent, which is 
mentioned in an OpenID example)

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        
_______________________________________________
seam-issues mailing list
[email protected]
https://lists.jboss.org/mailman/listinfo/seam-issues

Reply via email to