-
1. Re: Security changes
BTW, it would be a good idea to flush or update your persisted security :
delete from nuke_services_attributes where pn_aid='Security'
this will force when you deploy to store the current DD into the database. -
2. Re: Security changes
can you also explain how the patterns work. are they just arbitrary patterns that we come up w/, and then check for in the code?
couldn't we do some of this work using jaas? -
3. Re: Security changes
Pattern is like before, I just removed the component part.
We will use JAAS in the future there is no doubt about it, but for now it is sufficient. -
4. Re: Security changes
i just made an update to the SecurityManager class so that the "getSecLevel" will iterate over all the permissions and return the highest level level for the given set of groups.
this allows different groups to use the same security patterns, which i noticed no longer worked correctly when i went to resolve the conflicts in the news module.
also, the Admins security setting was missing from the forums jboss-service.xml file - please reflush the security settings when you update, or the stored database configuration will override the xml file's.
finally, if anyone is working on adding security and are having problems, add the following line to your log4j.conf file (under jboss/nukes) to get some useful debug information output to the logs.<category name="org.jboss.nukes.security"> <priority value="DEBUG"/> </category>