> On Friday 10 June 2011 09:23 PM, Darran Lofthouse wrote:
> Also, I don't see why EJB3 needs to depend on that PicketBox annotation
> for managing security. Why not continue using the EJB3 @SecurityDomain
> and we internally pass on the relevant information to the PicketBox
> project for security management. Or are you saying that PicketBox is
> going to scan EJB3 classes for those PicketBox specific annotations?
Agreed. EJB security is an EJB concern; PicketBox may be the
implementation but it is not appropriate to change these annotations
because of it.
On the contrary we should continue to support org.jboss.ejb3.annotation
- and maybe even org.jboss.ejb.annotation, to be honest. There is no
compelling reason to change this now.
A compelling reason not to use the EJB3 SecurityDomain annotation could
be to introduce a common annotation that can be used for both EJBs and
for servlets and then possibly for anything else that can be secured and
deployed.
However I agree it probably doesn't belong in the project of the
implementation.
Regards,
Darran Lofthouse.