Here's a scenario that cannot work because of this bug.
# An EAR containing
## An EJB module that has a persistence module that uses PicketLink for ACL and hosts JPA entities used by PicketLink
## A WAR that contains PicketLink-protected front-end with IDM
If EAR/lib contains PicketLink JARs, front-end is not protected at all as ServletContextListener is not activated.
If both EJB and WAR contain PicketLink JARs, or if EAR/lib contains PicketLink JARs and WAR contains PicketLink JARs, PicketLink classes reside in different classloaders and naturally aren't instances of each other, causing ClassCast and other similar errors.
It's really a terrible situation as PicketLink is completely unusable in its current form in an actual enterprise project.
I'm sure PicketLink works in and of itself but there is some giant integration problem that is not addressed covered by tests and/or has no team overseeing it.
Is there any way we could move this forwards?
|
