Re: [jetty-dev] Associating security info and threads

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [jetty-dev] Associating security info and threads

From: Greg Wilkins <gregw@xxxxxxxxxxx>
Date: Wed, 15 Apr 2009 10:52:00 +1000
Delivered-to: jetty-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/jetty-dev>
List-help: <mailto:jetty-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/jetty-dev>, <mailto:jetty-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/listinfo/jetty-dev>, <mailto:jetty-dev-request@eclipse.org?subject=unsubscribe>
User-agent: Thunderbird 2.0.0.21 (X11/20090409)



The other option for a fix, is to keep a single associate method, but
delay calling the authorization checks on the constraints until after
we have scoped the request for a particular servlet.

The main problem with this is that there is no clean break I can
see between authentication and authorization in the constraints
architecture.



Note another issue I can see is that the lazy authentication
is not really working because the security handler will always
call getAuthStatus() after a validate and force the lazy
identity to validate anyway!

cheers

References:
- [jetty-dev] Associating security info and threads
  - From: Jan Bartel

Prev by Date: [jetty-dev] Associating security info and threads
Next by Date: Re: [jetty-dev] http service configuration
Previous by thread: [jetty-dev] Associating security info and threads
Next by thread: [jetty-dev] Re: http service configuration
Index(es):
- Date
- Thread

Breadcrumbs