This content has been marked as final.
Show 2 replies
-
1. Re: JBAS-2703:AuthenticationManager/AuthorizationManager plu
anil.saldhana Mar 30, 2006 1:05 PM (in response to anil.saldhana)Scott says:
If a security manager is going to plugin transparently it has to deal with the existing configurations. That is not likely, so a test relying on a jaas configuration of the principal mapping is not going to work. We need a security manager metadata abstraction that allows for different implementations to function from a general metadata model rather than implementation specific configurations.
------------------------------------------------------
The issue is mapping from one configuration format to metadata model that another implementation will use. What has to be possible is initialize a security manager for a given deployments metadata. I don't see that this is a solvable problem in the short term.
--------------------------------------------------------
For the jira issue I would simply create custom tests with the new security manager metadata configuration. The issue was not about how to allow anyone to plugin a security manager that works with existing deployments with jboss security manager metadata. -
2. Re: JBAS-2703:AuthenticationManager/AuthorizationManager plu
anil.saldhana Apr 3, 2006 10:26 PM (in response to anil.saldhana)Rather than creating fresh EJBs, I reused the EJBSpecUnitTestCase(that this testcase extends) that defines a lot of combinations of EJBs with various security settings. Then I added a secured weblayer talking to a secured stateless SB test method, to give this JIRA issue an allround exposure.
I guess at the end, servlets, ejbs, JMS connections, Datasource connections are tested for security settings.
The custom security manager makes use of two property files - custom-users.properties and custom-roles.properties for principal/cred and principal/role mappings.