geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Jencks (JIRA)" <j...@apache.org>
Subject [jira] Created: (GERONIMO-4521) ejb apps with spec security constraints should only deploy if there are corresponding geronimo security constraints, as with web apps
Date Fri, 23 Jan 2009 00:51:59 GMT
ejb apps with spec security constraints should only deploy if there are corresponding geronimo
security constraints, as with web apps
-------------------------------------------------------------------------------------------------------------------------------------

                 Key: GERONIMO-4521
                 URL: https://issues.apache.org/jira/browse/GERONIMO-4521
             Project: Geronimo
          Issue Type: Improvement
      Security Level: public (Regular issues)
          Components: deployment, OpenEJB
    Affects Versions: 2.1.3, 2.1.4, 2.2
            Reporter: David Jencks
            Assignee: David Jencks
             Fix For: 2.1.4, 2.2


for quite a while we have only allowed you to deploy a web app with security constraints if
you also supply a geronimo security configuration; otherwise you get no security constraints
at all.  We should be doing the same for ejb apps.  While this may be inconvenient for those
who want to try deploying an app without completing the configuration, the alternative is
to give the impression that the deployed app is enforcing the security constraints -- which
it is not.

I suppose an alternative might be to figure out a way to deploy and just forbid access to
any resources that are constrained.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message