[ https://issues.jboss.org/browse/FORGE-821?page=com.atlassian.jira.plugin.... ] Vineet Reynolds commented on FORGE-821: --------------------------------------- This is primarily a Java EE plugin. Salient notes from the discussion on #forge: * The plugin should enable Java EE's default security mechanism. * Providers or other plugins would enable the mechanisms for other security frameworks. Example use cases would involve: * {{$ realm setup-groups foo bar}}, or {{$ realm setup-users foo bar}}, {{$ realm setup-roles foo bar}} etc. to setup a security realm * {{$ cas with-roles foo bar on com.acme.services.ExampleService.service}} * {{$ web-constraint on /xyz/* for foo bar}} Note - the above use cases need not be adhered to, in this plugin or in the others. They're a general suggestion. I'd prefer that a {{ScaffoldProvider}} not apply/generate security constraints on the generated scaffold, until it is known that the provider should do so. That is, unless the {{ScaffoldProvider}} is aware that a certain part of the generated scaffold should be protected, it shouldn't do so by default. For example, if a generated scaffold contains a login page and also have role-based-security, then the scaffold provider may generated appropriate security constraints. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira