Re: [jetty-dev] Associating security info and threads

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [jetty-dev] Associating security info and threads

From: Greg Wilkins <gregw@xxxxxxxxxxx>
Date: Wed, 15 Apr 2009 10:52:00 +1000
Delivered-to: jetty-dev@eclipse.org
User-agent: Thunderbird 2.0.0.21 (X11/20090409)

The other option for a fix, is to keep a single associate method, but
delay calling the authorization checks on the constraints until after
we have scoped the request for a particular servlet.

The main problem with this is that there is no clean break I can
see between authentication and authorization in the constraints
architecture.

Note another issue I can see is that the lazy authentication
is not really working because the security handler will always
call getAuthStatus() after a validate and force the lazy
identity to validate anyway!

cheers

References:
- [jetty-dev] Associating security info and threads
  - From: Jan Bartel

Prev by Date: [jetty-dev] Associating security info and threads
Next by Date: Re: [jetty-dev] http service configuration
Previous by thread: [jetty-dev] Associating security info and threads
Next by thread: [jetty-dev] Re: http service configuration
Index(es):
- Date
- Thread