Bill,
I agree on the usable security part of the arguments and we will do
whatever we can.
Typically, I write articles such as the ones for JBoss AS5.1
http://java.dzone.com/users/janilsal
This is what I have for AS7.1
http://community.jboss.org/wiki/JBossAS7SecurityDomainModel
http://community.jboss.org/wiki/JBossAS7SecurityAuditing
I will provide a writeup on the EE web security you have asked for,
later in the day.
Regards,
Anil
On 10/18/2011 10:33 AM, Bill Burke wrote:
Would be cool to see a very small writeup (even just an example
web.xml/jboss-web.xml) that shows:
a) What we *have* to support because of Java EE 6.
b) What we *actually* want users to use.
Having feature checkmarks is great, but these security interfaces really
need a facelift. It still doesn't seem like a lot of effort is being
put into the usability of both consuming a security plugin and writing one.
On 10/18/11 10:09 AM, Anil Saldhana wrote:
> Marcus,
> this is in regard to your proposed changes to JBossWebRealm for the
> authorization bits.
>
>
https://github.com/mmoyses/jboss-as/commit/ba3c43f8dfc9c201098392c5ebf904...
>
> Previously, AS5/6, we had the JBoss Authorization enabled by default.
> IMO for AS7, you have taken the right approach to allow user to
> configure whether to use JBoss Authz via jboss-web.xml setting.
>
> We need to get this merged asap such that I can finish the auditing task
> I am currently working on.
>
> Regards,
> Anil