[jboss-as7-dev] Security Domain Association

Jaikiran Pai jpai at redhat.com
Mon Jun 13 08:40:52 EDT 2011


On Monday 13 June 2011 06:03 PM, Remy Maucherat wrote:
> On Fri, 2011-06-10 at 13:09 -0300, Marcus Moyses wrote:
>> I think it would be a good idea to use the same annotation for servlets too.
>> If the EJB3 team is ok with using PB's annotation I can take a look at
>> integration it with servlets
>
> Ah, so it would be possible to have two servlets in the same webapp with
> two different security domains ? That sounds like something which would
> make performance go down (additional per request lookup), and has no
> actual benefit.
>
Furthermore, isn't the security for web, based on url-pattern and _not_ 
per servlet class? For example the same servlet class might be mapped to 
two different url-patterns and only one url-pattern might be secured. In 
such cases having a @SecurityDomain on a servlet class won't work, isn't it?

-Jaikiran



More information about the jboss-as7-dev mailing list