On Monday 13 June 2011 06:03 PM, Remy Maucherat wrote:
On Fri, 2011-06-10 at 13:09 -0300, Marcus Moyses wrote:
> I think it would be a good idea to use the same annotation for servlets too.
> If the EJB3 team is ok with using PB's annotation I can take a look at
> integration it with servlets
Ah, so it would be possible to have two servlets in the same webapp with
two different security domains ? That sounds like something which would
make performance go down (additional per request lookup), and has no
actual benefit.
Furthermore, isn't the security for web, based on url-pattern and _not_
per servlet class? For example the same servlet class might be mapped to
two different url-patterns and only one url-pattern might be secured. In
such cases having a @SecurityDomain on a servlet class won't work, isn't it?
-Jaikiran