5 Replies Latest reply on Oct 4, 2007 1:34 PM by starksm64

Principal implementations in metadata project

starksm64 Oct 4, 2007 12:00 PM

One issue I just ran into is the duplication of the org.jboss.security.{AnybodyPrincipal,AnybodyPrincipal,SimplePrincipal} in the jboss-metadata project. These are Principal implementations that should not be defined by the metadata layer. They really belong in the security project/security aspect project (where they currently are). Removing these means breaking the legacy org.jboss.metadata.BeanMetaData.getMethodPermissions which returns a Set of Principals.

The only way around that is to add a PrincipalFactory api to the metadata project, or add such an interface to the jboss-security-spi and have jboss-metadata depend on that.

1. Re: Principal implementations in metadata project

anil.saldhana Oct 4, 2007 12:26 PM (in response to starksm64)

Do you think it is better for BeanMetaData.getMethodPermissions to return a set of strings that represent roles rather than a set of principals? Special strings can represent the ANYBODY or NOBODY principals.
Actions
2. Re: Principal implementations in metadata project

starksm64 Oct 4, 2007 12:32 PM (in response to starksm64)

Yes, but if we want the existing BeanMetaData api to be backward compatible it needs to keep the set of principals. This is only being used by the Container.getMethodPermissions in the jbossas codebase, so we could argue its not part of the public metadata api, and add the jbossxb principal creation to the ejb container.
Actions
3. Re: Principal implementations in metadata project

anil.saldhana Oct 4, 2007 12:41 PM (in response to starksm64)

I do not think there is any usage of BeanMD.getMethodPermissions in any of our interceptors (which typically inspire custom interceptors). So as you said, this particular method call is not being used external to JBAS official code.

I prefer the string approach.
Actions
4. Re: Principal implementations in metadata project

anil.saldhana Oct 4, 2007 12:56 PM (in response to starksm64)

Additionally the meta data view of method permissions is a set of strings. It is the container that may take the approach of a group principal for a set of roles IMHO.
Actions
5. Re: Principal implementations in metadata project

starksm64 Oct 4, 2007 1:34 PM (in response to starksm64)

I'm changing the metadata to use strings.
Actions

Go to original post