One "belt and braces" way to do it (if you want further guidance ask in the security forum)
is to not deploy your application via hot deployment.
Instead you would deploy an mbean that does the deployment programmatically.
e.g. something like (pseudo code)
| public class DeployWebApp implements DeployWebAppMBean
| {
| public void start() throws Exception
| {
| loginUsingClientLoginModule(user, password);
| try
| {
| // really a JMX invocation
| MainDeployer.deploy(urlToWebApp);
| }
| finally
| {
| logout();
| }
| }
|
| public void stop() throws Exception
| {
| // Really JMX
| MainDeployer.undeploy(urlToWebApp);
| }
| }
|
But there's some subtle issues like making your mbean
depend on the JBossWEB (Tomcat) deployer so it doesn't try to deploy the url
before Tomcat is available.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4063701#4063701
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4063701
Origingally, my icky comment was related to the fact that I think you *might* run into a problem using the rollback code on a method annotated with @Remove and @Destroy since I don't know whether these annotations result in the method being called at other times (i.e. the bean is passivated, and not destroyed).
However, having a isCompleteOrCancelled flag would guard against any other calls you might get to that function.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4063695#4063695
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4063695