I agree that the "username/password" in a config file is intrusive and
I like the idea of disabling the invokers. The only downside is that a system may indeed
WANT to have a separate machine publish to a remote queue on the JBCS machine. Disabling
the invoker would prevent this. Even so, one may make the argument that if there's
going to be 2 servers communicating stuff between them (like, "send this
message"), then a web-services interface might be a better service interface than a
remote, password-protected queue.
Just in case, though (directed at AronSogor), how would the "JAAS semi-simple"
solution work? I was thinking yesterday about the way EJB's have a "runas"
annotation, directing the bean to "Run As" a given user role. Is there a way to
get MBeans to do something like this, since (for example) the JMSMaillistener is the one
submitting to the mail queue.
If the JMS is protected by JAAS (in your semi-simple solution), then what is the mechanism
for becoming the role that you want to use when publishing to the queue?
View the original post :
Reply to the post :