[jboss-dev-forums] [Design of Security on JBoss] - Re: Security Injection in AS5
adrian@jboss.org
do-not-reply at jboss.com
Wed Apr 9 13:14:42 EDT 2008
No, you don't need a seperate parsing deployer in this case
(you could have one if you wanted say a META-INF/security-policy.xml in any
deployment that automatically creates a security policy for the deployment).
What you do need is the metadata model (in this case your BeanMetaDataFactory)
available before it starts deploying the runtime, i.e. before anything in deploy is processed.
If you don't do that, then somebody adding a jbsx:policy
to their config, (e.g. jboss messaging or jca could do this)
may or may not be parsable based on whether the classes have been deployed
and the jbossxb config done.
In practice the classes will never be deployed since the initial bootstrap
does a breadth first parse of all config in the deploy before proceeding to create
classloaders (in the future when we move over to more locked down classloading
dependencies we'll need to know whether a deployment wants the ejb classes
first, i.e. does it have an ejb component).
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4142882#4142882
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4142882
More information about the jboss-dev-forums
mailing list