geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jencks <>
Subject Re: [RTC] pluggable jacc
Date Tue, 04 Jul 2006 22:31:01 GMT

On Jul 4, 2006, at 7:03 AM, Gianny Damour wrote:

> Gianny Damour wrote:
>> Hi,
>> I had a look to the patch and I think that it will take me about  
>> one night to review it. As I will be on holidays this Friday, only  
>> 2 nights left, and away from any computer for 3 weeks, I am happy  
>> to vote now if need be.
>> I do have a couple of questions, more for my education than  
>> anything else:
>> * why is the root security element used as a placeholder for group  
>> substitution in the geronimo-application schema? I would have  
>> thought that this placeholder would be better in the geronimo- 
>> security schema where the out-of-the-box/Geronimo substitution  
>> group is defined;

That would work too.  I was thinking that security only applies to  
j2ee artifacts and that someone might want to run without the  
geronimo security-builder module in their system.  This might be  
unrealistic since the client deployer and openejb deployer both have  
hardcoded use of the geronimo security builder (to build default  
principals), but it ought to work for web apps.  For the analogous  
case of services/gbeans, I thought that there was no likelyhood of  
anyone trying to run without the gbean builder :-)  My arm could be  
twisted on that however :-).

>> and
>> * I think that SecurityBuilder should have a way to modify the  
>> Environment of a Web-app module and, hence, that an additional  
>> method should be added to do that during the createModule phase.  
>> Otherwise, I am not sure how additional parent modules or specific  
>> dependencies can be added to a Web-app module such that the GBeans  
>> added by the builder can run.

At the moment I think you'd have to include the necessary jars as  
explicit dependencies.  I agree that this functionality is needed.   
It's also needed for the web services builder.  I was hoping to get  
this much committed and then consider how many of the builder  
concepts we have can be unified into namespace driven builders: I'm  
hoping at least the web services builder can be.

>> Also, it is worth to underline that the definition of a  
>> substitutable service element, which is currently replaceable by a  
>> gbean element seems to be a very flexible configuration mechanism.

I'm pretty happy with this.  I'm planning to convert the login module  
builder to this style, I think we can have something that looks much  
more like the sun login module config, just written in xml, with  
little bits to point out if we want our extensions such as principal  

>> What would be awesome is to be able to register additional  
>> ElementConverter with SchemaConversionUtils such that developers  
>> working on their home grown substitution groups do not need to  
>> change this class.
> Forget this point... While trying to see how this could be done I  
> discovered that it is actually already done, by XmlBeansUtil...

Thanks for your review and your, as always, perceptive and  
interesting comments!

david jencks

> Thanks,
> Gianny
>> Obvisously, I am sold :)
>> Thanks,
>> Gianny
>> David Jencks wrote:
>>> I think my latest patch for pluggable jacc is plausible to  
>>> commit,  see 
>>> page=all and  be sure to apply only the v4 patches.
>>> I realize this is a significant amount of work, so at this time  
>>> I'm  not actually asking any PMC members to review this, but I  
>>> would  greatly appreciate it if at least 3 could spend a couple  
>>> minutes  estimating how long they think it would take them to  
>>> evaluate the  patch and when they might be able to complete  
>>> evaluating it, as this  will personally affect my plans for the  
>>> next few weeks.
>>> I think all the committers and other contributors might find  
>>> this  information useful in planning their development activities  
>>> for the  next few months.
>>> Many thanks,
>>> david jencks

View raw message