On Thu, Jul 21, 2011 at 04:51, Pete Muir <pmuir@redhat.com> wrote:

On 20 Jul 2011, at 12:46, Marek Schmidt wrote:

> Hi all,
>
> looking at https://issues.jboss.org/browse/SEAMSECURITY-81, I am not
> sure, what is the intended location of the security.drl file?
>
> The examples have it in WEB-INF/security.drl, but that doesn't work
> except on AS6.
>
> The SecurityRuleProducer injects the file using:
>
>> @Inject
>> @org.jboss.seam.solder.resourceLoader.Resource("security.drl")
>> InputStream securityRules;
>
> So I am not sure which of these are true statements:
>
> 1. Seam Security examples are wrong, the file should be moved to servlet
> context root
> 2. Seam Security impl is wrong, it should @Inject it from
> "WEB-INF/security.drl"
> 3. Seam Solder on AS7/Glassfish is wrong, it should pick up the file
> WEB-INF/security.drl using just the @Resource("security.drl") on these
> platforms
> 4. Seam Solder on AS6 is wrong, it should not pick up the file
> WEB-INF/security.drl using just the @Resource("security.drl") on AS6.

(3) and (4) are out, @Resource just uses the underlying web container and classloader to load resources. 

Either (1) or (2) is correct.

I don't think we want #1. That puts the file in the public web directory. How about:

1b: the file should be moved to the classpath (WEB-INF/classes) so it can be injected with @Resource("security.drl")
2. Seam Security should inject from WEB-INF/security.drl

I think Seam Security should accommodate both 1b and 2. And thus, no change to the example.

-Dan

--
Dan Allen
Principal Software Engineer, Red Hat | Author of Seam in Action
Registered Linux User #231597

http://www.google.com/profiles/dan.j.allen#about
http://mojavelinux.com
http://mojavelinux.com/seaminaction