[wildfly-dev] About the security manager lifecycle
David M. Lloyd
david.lloyd at redhat.com
Thu Oct 2 12:06:51 EDT 2014
Hearing no objections, and finding yet more reasons to do so, I'm moving
ahead with this. The security manager will be enabled at boot by giving
the -secmgr flag to the startup script. The security manager subsystem
will configure permissions only.
On 09/26/2014 10:53 AM, David M. Lloyd wrote:
> At present in WildFly upstream, the security manager is only installed
> when the security manager subsystem installation commences, leading to
> PRs like this one [1] being rejected. However, feedback from various
> quarters indicates that this relatively late installation may not be
> acceptable for a couple different reasons. The current EAP version
> supports using the -secmgr flag to the start scripts to tell the
> bootstrap to install the security manager via jboss-modules' discovery
> process, which happens at the very beginning of process start.
>
> I'm thinking maybe we should bring this functionality forward, resurrect
> #175, and modify the security manager subsystem to attach to the
> currently installed security manager. This is also more friendly to
> embedded processes; we should support (for example) permission
> specification in deployments even if we don't directly control the
> security manager. This also allows the security manager subsystem to
> run even if no security manager is installed, so validation of
> permissions.xml (for example) will still take place.
>
> Thoughts?
>
> [1] https://github.com/wildfly/wildfly-core/pull/175
>
--
- DML
More information about the wildfly-dev
mailing list