[jboss-as7-dev] ClientLoginModule in AS7

Anil Saldhana Anil.Saldhana at redhat.com
Mon Jun 13 08:00:51 EDT 2011


Ideally, the @SecurityDomain annotation should be standardized via EE.  
Until then,
it makes sense for it to reside in the Security project such that 
projects other than ejb3
can make use of it.

On 06/13/2011 03:34 AM, Carlo de Wolf wrote:
> On 06/10/2011 09:21 PM, Jason T. Greene wrote:
>> On 6/10/11 2:14 PM, Darran Lofthouse wrote:
>>> On 06/10/2011 07:21 PM, Jaikiran Pai wrote:
>>>> On Friday 10 June 2011 09:23 PM, Darran Lofthouse wrote:
>>>>>> The EJB3 Security Domain annotation should be discarded for AS7 and
>>>>>> they need to use the one coming from PicketBox.
>>>>> Carlo / Jaikiran - are you Ok with the Picketbox @SecurityDomain
>>>>> annotation?
>>>> I don't think that's a good idea. We've already had one round of such
>>>> changes from JBoss AS4 to JBoss AS5 where we changed the package names
>>>> of those annotations from org.jboss.annotation.* to
>>>> org.jboss.ejb3.annotation and users still keep running into problems
>>>> with that.
>>> Regarding that problem is it possible for us to detect the presence of
>>> other org.jboss.*.SecurityDomain annotations that we do not process?  If
>>> so and maybe log a warning that we have not used it?
>>>
>>> I did loose count of the number of times users could not get security to
>>> work because they had the wrong annotation and the side effect was the
>>> security was not enabled.
>> We really just need to pick one. If we go with the common route it needs
>> to be polished, not something that requires a module import and has a
>> bunch of unsupported annotations in the same package.
>>
> org.jboss.ejb3.annotation.SecurityDomain and the associated
> <security-domain>  from the dd are part of the EJB3 API.
>
> But alternatively we've been working on something that I find much better:
> org.jboss.security.annotation.SecurityDomain and in the dd:
> <assembly-descriptor>
> <picketbox:security-domain>
> <ejb-name>*</ejb-name>
> <picketbox:value>other</picketbox:value>
> </picketbox:security-domain>
> </assembly-descriptor>
>
> The picketbox elements can be formed in any which way PicketBox wants
> them. The metadata association logic comes from EJB3 code.
>
> (That would also allow us to use infinispan stuff for clustering, custom
> pool impls etc.)
>
> Carlo


More information about the jboss-as7-dev mailing list