[wildfly-dev] About the security manager lifecycle

At present in WildFly upstream, the security manager is only installed when the security manager subsystem installation commences, leading to PRs like this one [1] being rejected. However, feedback from various quarters indicates that this relatively late installation may not be acceptable for a couple different reasons. The current EAP version supports using the -secmgr flag to the start scripts to tell the bootstrap to install the security manager via jboss-modules' discovery process, which happens at the very beginning of process start. I'm thinking maybe we should bring this functionality forward, resurrect #175, and modify the security manager subsystem to attach to the currently installed security manager. This is also more friendly to embedded processes; we should support (for example) permission specification in deployments even if we don't directly control the security manager. This also allows the security manager subsystem to run even if no security manager is installed, so validation of permissions.xml (for example) will still take place. Thoughts? [1] https://github.com/wildfly/wildfly-core/pull/175 -- - DML