On 06/10/2011 07:21 PM, Jaikiran Pai wrote:
On Friday 10 June 2011 09:23 PM, Darran Lofthouse wrote:
>> The EJB3 Security Domain annotation should be discarded for AS7 and
>> they need to use the one coming from PicketBox.
>
> Carlo / Jaikiran - are you Ok with the Picketbox @SecurityDomain
> annotation?
I don't think that's a good idea. We've already had one round of such
changes from JBoss AS4 to JBoss AS5 where we changed the package names
of those annotations from org.jboss.annotation.* to
org.jboss.ejb3.annotation and users still keep running into problems
with that.
Regarding that problem is it possible for us to detect the presence of
other org.jboss.*.SecurityDomain annotations that we do not process? If
so and maybe log a warning that we have not used it?
I did loose count of the number of times users could not get security to
work because they had the wrong annotation and the side effect was the
security was not enabled.
Also, I don't see why EJB3 needs to depend on that PicketBox
annotation
for managing security. Why not continue using the EJB3 @SecurityDomain
and we internally pass on the relevant information to the PicketBox
project for security management. Or are you saying that PicketBox is
going to scan EJB3 classes for those PicketBox specific annotations?
-Jaikiran