[jboss-as7-dev] ClientLoginModule in AS7

David M. Lloyd david.lloyd at redhat.com
Fri Jun 10 14:25:46 EDT 2011


On 06/10/2011 01:21 PM, Jaikiran Pai wrote:
> On Friday 10 June 2011 09:23 PM, Darran Lofthouse wrote:
>> On 06/10/2011 04:49 PM, Anil Saldhana wrote:
>>> On 06/10/2011 10:46 AM, Darran Lofthouse wrote:
>>>> On 06/10/2011 04:43 PM, Anil Saldhana wrote:
>>>>> We have not discarded that LM.
>>>> But is it expected to be supported?
>>>>
>>>> The org.jboss.security.annotation.SecurityDomain annotation has also
>>>> not
>>>> been discarded even though there is an EJB3 specific SecurityDomain
>>>> annotation ;-)
>>>>
>>> The EJB3 Security Domain annotation should be discarded for AS7 and
>>> they need to use the one coming from PicketBox.
>>
>> Carlo / Jaikiran - are you Ok with the Picketbox @SecurityDomain
>> annotation?
> I don't think that's a good idea. We've already had one round of such
> changes from JBoss AS4 to JBoss AS5 where we changed the package names
> of those annotations from org.jboss.annotation.* to
> org.jboss.ejb3.annotation and users still keep running into problems
> with that.
>
> Also, I don't see why EJB3 needs to depend on that PicketBox annotation
> for managing security. Why not continue using the EJB3 @SecurityDomain
> and we internally pass on the relevant information to the PicketBox
> project for security management. Or are you saying that PicketBox is
> going to scan EJB3 classes for those PicketBox specific annotations?

Agreed.  EJB security is an EJB concern; PicketBox may be the 
implementation but it is not appropriate to change these annotations 
because of it.

On the contrary we should continue to support org.jboss.ejb3.annotation 
- and maybe even org.jboss.ejb.annotation, to be honest.  There is no 
compelling reason to change this now.
-- 
- DML


More information about the jboss-as7-dev mailing list