Provide the ability to isolate applications
-------------------------------------------
Key: GERONIMO-841
URL: http://issues.apache.org/jira/browse/GERONIMO-841
Project: Geronimo
Type: Improvement
Components: deployment
Versions: 1.0-M4
Reporter: Aaron Mulder
Fix For: 1.1
It would be nice if it was possible to deploy applications that could not "see"
each other. Meaning, cannot refer to connectors, EJBs, GBeans, etc. deployed
in a different application, unless that application is a parent in the
configuration hierarchy. Currently this is true of the default resolution
strategies if incomplete mapping information is provided (for example, if you
don't specify an application, both the current app and no app are searched but
not other apps). However, nothing prevents an application from constructing a
GBean Name pointing directly to a resource in a different application. And the
"global JNDI names" of all EJBs/resources appears in the same JNDI space, so it
would need to segregated into spaces-per-application and you'd need to specify
an application in order to connect.
One reference resolution strategy would just be to pretend that nothing from
the other applications exists, so references would simply fail. Another option
would be to apply security roles to GBeans and connectors and so on so that the
references always resolve but at runtime the user's role could be checked to
decide whether to grant access. Of course, this would require the two
applications share a security realm or principal class or something.
Ideally, in a hosting-type environment, you could safely deploy multiple
applications that should not be able to interfere with each other (outside of
claiming common URLs for web app contexts or web services).
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
