Re: [jetty-dev] Associating security info and threads
- From: Greg Wilkins <gregw@xxxxxxxxxxx>
- Date: Wed, 15 Apr 2009 10:52:00 +1000
- Delivered-to: email@example.com
- User-agent: Thunderbird 126.96.36.199 (X11/20090409)

The other option for a fix is to keep a single associate method, but
delay calling the authorization checks on the constraints until after
we have scoped the request for a particular servlet.

The main problem with this is that there is no clean break I can
see between authentication and authorization in the constraints.

Note another issue I can see is that the lazy authentication
is not really working because the security handler will always
call getAuthStatus() after a validate and force the lazy
identity to validate anyway!