geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim McConnell <tim.mcco...@gmail.com>
Subject Re: Security Annotations
Date Wed, 11 Apr 2007 01:50:02 GMT
Thanks for reviewing David, I shall get started on the servlet annotations 
immediately....

David Jencks wrote:
> That looks extremely plausible.
> 
> David Blevins would know for sure but I'm 99% sure that openejb is 
> already handling all the ejb security annotations correctly so geronimo 
> doesn't need to deal with them.  We should handle the servlet annotations.
> 
> thanks
> david jencks
> 
> On Apr 10, 2007, at 3:44 PM, Tim McConnell wrote:
> 
>> Hi, I'm trying to verify that we're properly supporting all the 
>> javax.annotation.security annotations. Based on my "interpretation" of 
>> the pertinent specs, this is what I've found relative to what 
>> application type should support what annotations. If anyone sees 
>> anything obviously wrong with my interpretation(s) please let me know 
>> (especially if I've missed anything obvious). Thanks much
>>
>> EJB security annotations:
>>     @DeclareRoles
>>     @RolesAllowed
>>     @PermitAll
>>     @DenyAll
>>     @RunAs
>>
>> Servlet security annotations
>>     @DeclareRoles
>>     @RunAs         (not exactly sure why, but presumably to propagate 
>> a security context/identity from a Web container to an 
>> EJB                             container and possibly for web service 
>> endpoints implemented as servlets)
>>
>> --Thanks,
>> Tim McConnell
> 
> 

Mime
View raw message