[wildfly-dev] About the security manager lifecycle

[David M. Lloyd]

At present in WildFly upstream, the security manager is only installed 
when the security manager subsystem installation commences, leading to 
PRs like this one [1] being rejected.  However, feedback from various 
quarters indicates that this relatively late installation may not be 
acceptable for a couple different reasons.  The current EAP version 
supports using the -secmgr flag to the start scripts to tell the 
bootstrap to install the security manager via jboss-modules' discovery 
process, which happens at the very beginning of process start.

I'm thinking maybe we should bring this functionality forward, resurrect 
#175, and modify the security manager subsystem to attach to the 
currently installed security manager.  This is also more friendly to 
embedded processes; we should support (for example) permission 
specification in deployments even if we don't directly control the 
security manager.  This also allows the security manager subsystem to 
run even if no security manager is installed, so validation of 
permissions.xml (for example) will still take place.

Thoughts?

[1] https://github.com/wildfly/wildfly-core/pull/175

-- 
- DML