Re: Discussion: SecurityContext


Bill Shannon
 

Arjan Tijms wrote on 05/31/17 03:41 AM:
Hi,

On Wed, May 31, 2017 at 12:31 PM, Werner Keil <werner.keil@...> wrote:

If that's the case, this method should probably go into a Servlet specific interface or class. Otherwise please let's try to name and document it in a way that does not tie it to a single implementation or container.


Do note that while the method gives an outcome for a Servlet container resource, it should be perfectly valid to query it from any other containers.

E.g. an EJB bean composing an email message on behalf of a caller with an http link in that email.
I assume this is about hasAccessToWebResource...

As I read the spec, the resource name is relative to the web module.  If you're not in a web container, what names can you use?  If your app has two war files, which web module is the name relative to?  Presumably the one you're running in, which means it's not useful if you're not running in a web container.  Well, unless the EJB module is exposing web services of some sort.

Join javaee-security-spec@javaee.groups.io to automatically receive all group messages.