"tfennelly" wrote : Kev, please lets not say "it is the preferred method" just yet!! Okay, it is my preferred method :) "tfennelly" wrote : At the moment, I don't agree with your analysis for a number of reasons. As far as I see it, we can easily control what we merge from the user defined web.xml into the generated web.xml, so having control is not really an issue IMO. Really? How do you propose to validate everything they have added and make sure that it does not interfere with what we configure? It is much easier for us to use a configuration which we control to generate a valid deployment. "tfennelly" wrote : Also, I don't agree that we should be restricting the user unless there is a "grave" danger that they would not be able to resolve easily. I don't see this as being one. The potential exists and it needn't. "tfennelly" wrote : The down side as I see it would be that implementation of the "strict model" becomes quite a bit more complex since a mapping process would be more complex (IMO) than a filtering process. We have to document this new config model (the web.xml approach is already well documented and familiar to the user). We have to maintain it going forward. In some ways, I feel we are reinventing the wheel with this approach. It is certainly true that it would save us some development time if we did not have to handle the mapping but then it is my opinion that doing that development up front will make it easier for users and us, in terms of support/questions. "tfennelly" wrote : Well firstly, I wouldn't be in favor of restricting the user in this case, but even if we do decide to do that, I think if we keep the config the same as that of the web.xml, the maping process is considerably easier for us to implement/document and is more natural to the user. Same points as I made above. Sure, but this then goes back to validating all they have and making sure it doesn't impact on what we need. So you are moving from a safe mapping/generating to a process which requires much tighter validation. "tfennelly" wrote : Sorry Kev... I wasn't clear in the original... what I mean't was a config to restrict the methods allowed through a given bus. The existing HTTP Gateway has an "allowMethods" config, whose default is basically all methods (I think). This config option allows the default to be overridden. Sorry, I guess I wasn't clear :). Yes, it should be configurable. Kev View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4238202#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...