[jboss-as7-dev] ClientLoginModule in AS7
Darran Lofthouse
darran.lofthouse at jboss.com
Fri Jun 10 15:07:31 EDT 2011
>> On Friday 10 June 2011 09:23 PM, Darran Lofthouse wrote:
>> Also, I don't see why EJB3 needs to depend on that PicketBox annotation
>> for managing security. Why not continue using the EJB3 @SecurityDomain
>> and we internally pass on the relevant information to the PicketBox
>> project for security management. Or are you saying that PicketBox is
>> going to scan EJB3 classes for those PicketBox specific annotations?
>
> Agreed. EJB security is an EJB concern; PicketBox may be the
> implementation but it is not appropriate to change these annotations
> because of it.
>
> On the contrary we should continue to support org.jboss.ejb3.annotation
> - and maybe even org.jboss.ejb.annotation, to be honest. There is no
> compelling reason to change this now.
A compelling reason not to use the EJB3 SecurityDomain annotation could
be to introduce a common annotation that can be used for both EJBs and
for servlets and then possibly for anything else that can be secured and
deployed.
However I agree it probably doesn't belong in the project of the
implementation.
Regards,
Darran Lofthouse.
More information about the jboss-as7-dev
mailing list