geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeremy Boynes <>
Subject Re: Security configuration
Date Mon, 31 May 2004 20:05:51 GMT
Alan D. Cabrera wrote:

> What are the goals for the default configuration?  I had always thought
> that it was a simple example of how the server could work.

The default configuration is the primary one that gets certified and so 
needs to support all the J2EE functions. One of those is deployment 
(JSR88) so we need a secure way for a deployer to connect to the server 
and do things like start/stop applications and distribute new ones.

I set up a properties realm with a user "system" so that the deployer 
could authenticate and this is what I was referring to as default - this 
is not particularly secure and I would prefer to have a more robust 
solution (say with encrypted passwords ;-) ) but it works for now.

Any ideas/feedback from users on what they would like to see here would 
be appreciated.


View raw message