[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-dev] Associating security info and threads



The other option for a fix, is to keep a single associate method, but
delay calling the authorization checks on the constraints until after
we have scoped the request for a particular servlet.

The main problem with this is that there is no clean break I can
see between authentication and authorization in the constraints
architecture.



Note another issue I can see is that the lazy authentication
is not really working because the security handler will always
call getAuthStatus() after a validate and force the lazy
identity to validate anyway!

cheers