Security Context versus SecurityAssociation
Currently, SecurityAssociation contains a principal/credential association in addition to a RunAsIdentity as well as a subject stack. In JBoss 5, we want to move towards the concept of a Security Context that is a superset of SA.
Security Context contains the Subject Info (principal,credential and Subject), RunAsIdentity and security managers(auth/authz).
In a call path, since each of the JEE components may contain a different security domain, their security managers can change. Hence we will need a global static Security Association that can contain a threadlocal stack for the SecurityContext(s) governing the individual components. The previous thread local stacks in SA for runAsIdentity and Subject can be removed.
Comments