Return-Path: Delivered-To: apmail-geronimo-dev-archive@www.apache.org Received: (qmail 4498 invoked from network); 3 Sep 2009 02:22:36 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 3 Sep 2009 02:22:36 -0000 Received: (qmail 26043 invoked by uid 500); 3 Sep 2009 02:22:36 -0000 Delivered-To: apmail-geronimo-dev-archive@geronimo.apache.org Received: (qmail 25923 invoked by uid 500); 3 Sep 2009 02:22:35 -0000 Mailing-List: contact dev-help@geronimo.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: dev@geronimo.apache.org List-Id: Delivered-To: mailing list dev@geronimo.apache.org Received: (qmail 25915 invoked by uid 99); 3 Sep 2009 02:22:35 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 03 Sep 2009 02:22:35 +0000 X-ASF-Spam-Status: No, hits=2.2 required=10.0 tests=HTML_MESSAGE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of rwonly@gmail.com designates 209.85.222.188 as permitted sender) Received: from [209.85.222.188] (HELO mail-pz0-f188.google.com) (209.85.222.188) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 03 Sep 2009 02:22:26 +0000 Received: by pzk26 with SMTP id 26so1261541pzk.0 for ; Wed, 02 Sep 2009 19:22:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type; bh=9yIqDPpuSpSmK6agHSns+xEwVYHaCLOiveKVV76JIWE=; b=V999YbmdBwnzFnhdergBcnnS3917aTg2RkKv+d7w7sRK4eL3uM0wVqEs+iAEt54mPT 6WlvBhZEDwVLWDdUhtXX/iLsHOIlCWXDsskpvYe7+wwHc3Ep72cN7kicEtCZaH20MP2W XfGUIV733w6Qas2B6J8/ZwkBYvAp4dz+4RmPg= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=QxkCHoR5nXysgIDeLJdhZvUx+tgA8qgqEZuPwHk1PdFAz8PrAMS7M5UYC+inXn41Q3 5snY415foxlAFoH7HdbMVESHbzpM7jspwpXLsgGQNNJlPavtm9DHcxifPq7b1BUOxYk/ pjzDdlu2JJKzeryRqWjVCwZQYSFwohe8tcy0k= MIME-Version: 1.0 Received: by 10.141.3.15 with SMTP id f15mr2717603rvi.13.1251944524775; Wed, 02 Sep 2009 19:22:04 -0700 (PDT) In-Reply-To: <7F30CAE0-DFD9-41A2-8F23-097AF2889118@yahoo.com> References: <45f744e40909020640xeea2016o2e97cb9c2837ac96@mail.gmail.com> <7F30CAE0-DFD9-41A2-8F23-097AF2889118@yahoo.com> Date: Thu, 3 Sep 2009 10:22:04 +0800 Message-ID: Subject: Re: Geronimo Security Dependencies in 2.2 From: Rex Wang To: dev@geronimo.apache.org Content-Type: multipart/alternative; boundary=000e0cd11360ad83a40472a30cf1 X-Virus-Checked: Checked by ClamAV on apache.org --000e0cd11360ad83a40472a30cf1 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable 2009/9/3 David Jencks > > On Sep 2, 2009, at 6:40 AM, Ivan wrote: > > Hi, >> In Geronimo 2.2, we have a tight reference of ConfigurationFactory in >> the webappcontext, so it seems that we always need to add the dependenci= es >> of the security realm it uses in the deployment plan, even if the global >> attribute of the security realm is set with true, right ? So when will = we >> need to set the global with false ? >> > > Set global to true if you are using the realm in openejb, otherwise I > advise setting it to false. Is that mandatory to set global=3Dfalse and add dependencies when using a realm in web app? I remember you said "global =96 visible to all applicatio= ns no matter what their dependencies. However, without a dependency there is n= o guarantee that the relam will be there if the application that uses it is." Does that mean if developing a web app, we'd better to add a dependency, no matter if global is set true? Thanks > The point of non-global realms is to allow duplicate realm names, since > the realm is scoped to the ancestors of the plugin that is using the real= m. > Since openejb does all the security from the openejb plugin rather than > from individual ejb app plugins, a realm used by openejb has to be global= or > be an ancestor of the openejb plugin. Since web apps do security per-app= , > non-global works fine for them. > > thanks > david jencks > > Thanks ! >> >> -- >> Ivan >> > > --000e0cd11360ad83a40472a30cf1 Content-Type: text/html; charset=windows-1252 Content-Transfer-Encoding: quoted-printable

2009/9/3 David Jencks = <david_jencks@yahoo.com>= ;

On Sep 2, 2009, at 6:40 AM, Ivan wrote:

Hi,
=A0 =A0In Geronimo 2.2, we have a tight reference of ConfigurationFactory = in the webappcontext, so it seems that we always need to add the dependenci= es of the security realm it uses in the deployment plan, even if the global= attribute of the security realm is set with true, right ? =A0So when will = we need to set the global with false ?

Set global to true if you are using the realm in openejb, otherwise I advis= e setting it to false.
=A0
Is that mandatory to= set global=3Dfalse and add dependencies when using a realm in web app? I r= emember you said "global =96 visible to all applications no matter wha= t their dependencies. However, without a dependency there is no guarantee that the relam will be= there if the application that uses it is."=A0
Does that mean if d= eveloping a web app, we'd better to add a dependency, no matter if glob= al is set true?

Thanks
=A0
=A0The point of non-global realms is to allow duplicate realm names, = since the realm is scoped to the ancestors of the plugin that is using the = realm. =A0Since openejb does all the security from the openejb plugin rathe= r than from individual ejb app plugins, a realm used by openejb has to be g= lobal or be an ancestor of the openejb plugin. =A0Since web apps do securit= y per-app, non-global works fine for them.

thanks
david jencks

=A0 Thanks !

--
Ivan


--000e0cd11360ad83a40472a30cf1--