I would suggest Darran and Anil actually specify the runtime facilities/services the
security components need. We need concrete requirements to actually take a decision
on the argument "embedded http vs. servlet engine".
Ike
On Jan 21, 2011, at 11:22 AM, Darran Lofthouse wrote:
Yes I also have the same concern for the JDK implementation, if we
are able to use the JBoss Web installation that Anil and Marcus are integrating with we
gain all of the benefits of the work already implemented if not the same integration
becomes required for the JDK server.
On the other hand however if the security subsystem worked with both JBoss Web and the
JDK server then maybe it would make some of the testing that has been an issue in the past
a lot easier.
Regards,
Darran Lofthouse.
On 01/20/2011 09:02 PM, Andrig Miller wrote:
> Overall, I'm concerned about the security aspects of this console, and how it
will fit in with a customers overall security implementation. Considering customers like
Mastercard, which have network devices for encryption and key management, etc., they will
want everything to be able to work through that infrastructure, and not have to manage
security differently for our console.
>
> This type of thing could become a very real impediment to adoption of EAP 6 down the
road.
>
> Let's make sure we include Anil and his folks in these security discussions, so
we don't end up with something that doesn't fit into the long term goals, and
potentially becomes a show stopper for customer to adopt the next major EAP release.
>
> Andy
>
> ----- Original Message -----
>> From: "Heiko Braun"<hbraun(a)redhat.com>
>> To: ssilvert(a)redhat.com
>> Cc: jboss-as7-dev(a)lists.jboss.org
>> Sent: Thursday, January 20, 2011 10:10:43 AM
>> Subject: Re: [jboss-as7-dev] Management Console JDK Server Example
>> On Jan 20, 2011, at 6:02 PM, ssilvert(a)redhat.com wrote:
>>
>>>> It's not reinventing the servlet API, it's using an alternative
one
>>>> that accomplishes then same thing but with minimal overhead.
>>>
>>
>>
>> Let's get back to more concrete requirements. I already suggested a
>> discussion about security to begin with.
>> If any of those identify a dependency on the servlet API, or reveal
>> that supporting libraries
>> that depend on the servlet API help us achieving our goals with less
>> work, then we should consider a servlet runtime.
>>
>> If nothing of that is the case, fine, then proceed with the embedded
>> server approach.
>>
>>
>> Another thing that we might consider it configuration of the HTTP
>> endpoints.
>> TLS has been mentioned. How would that work on embedded HTTP? How
>> would you specify
>> and use certificates? Would we need to write all that on our own?
>>
>> Might look trivial, but simple bit's easily add up to a pile of work.
>>
>> Ike
>>
>>
>> _______________________________________________
>> jboss-as7-dev mailing list
>> jboss-as7-dev(a)lists.jboss.org
>>
https://lists.jboss.org/mailman/listinfo/jboss-as7-dev
> _______________________________________________
> jboss-as7-dev mailing list
> jboss-as7-dev(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/jboss-as7-dev