That looks extremely plausible.
David Blevins would know for sure but I'm 99% sure that openejb is
already handling all the ejb security annotations correctly so
geronimo doesn't need to deal with them. We should handle the
servlet annotations.
thanks
david jencks
On Apr 10, 2007, at 3:44 PM, Tim McConnell wrote:
Hi, I'm trying to verify that we're properly supporting all the
javax.annotation.security annotations. Based on my "interpretation"
of the pertinent specs, this is what I've found relative to what
application type should support what annotations. If anyone sees
anything obviously wrong with my interpretation(s) please let me
know (especially if I've missed anything obvious). Thanks much
EJB security annotations:
@DeclareRoles
@RolesAllowed
@PermitAll
@DenyAll
@RunAs
Servlet security annotations
@DeclareRoles
@RunAs (not exactly sure why, but presumably to propagate a
security context/identity from a Web container to an EJB
container and possibly for web service endpoints implemented as
servlets)
--
Thanks,
Tim McConnell
