[jboss-as7-dev] ClientLoginModule in AS7
Darran Lofthouse
darran.lofthouse at jboss.com
Fri Jun 10 15:14:32 EDT 2011
On 06/10/2011 07:21 PM, Jaikiran Pai wrote:
> On Friday 10 June 2011 09:23 PM, Darran Lofthouse wrote:
>>> The EJB3 Security Domain annotation should be discarded for AS7 and
>>> they need to use the one coming from PicketBox.
>>
>> Carlo / Jaikiran - are you Ok with the Picketbox @SecurityDomain
>> annotation?
> I don't think that's a good idea. We've already had one round of such
> changes from JBoss AS4 to JBoss AS5 where we changed the package names
> of those annotations from org.jboss.annotation.* to
> org.jboss.ejb3.annotation and users still keep running into problems
> with that.
Regarding that problem is it possible for us to detect the presence of
other org.jboss.*.SecurityDomain annotations that we do not process? If
so and maybe log a warning that we have not used it?
I did loose count of the number of times users could not get security to
work because they had the wrong annotation and the side effect was the
security was not enabled.
> Also, I don't see why EJB3 needs to depend on that PicketBox annotation
> for managing security. Why not continue using the EJB3 @SecurityDomain
> and we internally pass on the relevant information to the PicketBox
> project for security management. Or are you saying that PicketBox is
> going to scan EJB3 classes for those PicketBox specific annotations?
>
> -Jaikiran
>
More information about the jboss-as7-dev
mailing list