On Jul 4, 2006, at 7:03 AM, Gianny Damour wrote:
Gianny Damour wrote:
Hi,
I had a look to the patch and I think that it will take me about
one night to review it. As I will be on holidays this Friday, only
2 nights left, and away from any computer for 3 weeks, I am happy
to vote now if need be.
I do have a couple of questions, more for my education than
anything else:
* why is the root security element used as a placeholder for group
substitution in the geronimo-application schema? I would have
thought that this placeholder would be better in the geronimo-
security schema where the out-of-the-box/Geronimo substitution
group is defined;
That would work too. I was thinking that security only applies to
j2ee artifacts and that someone might want to run without the
geronimo security-builder module in their system. This might be
unrealistic since the client deployer and openejb deployer both have
hardcoded use of the geronimo security builder (to build default
principals), but it ought to work for web apps. For the analogous
case of services/gbeans, I thought that there was no likelyhood of
anyone trying to run without the gbean builder :-) My arm could be
twisted on that however :-).
and
* I think that SecurityBuilder should have a way to modify the
Environment of a Web-app module and, hence, that an additional
method should be added to do that during the createModule phase.
Otherwise, I am not sure how additional parent modules or specific
dependencies can be added to a Web-app module such that the GBeans
added by the builder can run.
At the moment I think you'd have to include the necessary jars as
explicit dependencies. I agree that this functionality is needed.
It's also needed for the web services builder. I was hoping to get
this much committed and then consider how many of the builder
concepts we have can be unified into namespace driven builders: I'm
hoping at least the web services builder can be.
Also, it is worth to underline that the definition of a
substitutable service element, which is currently replaceable by a
gbean element seems to be a very flexible configuration mechanism.
I'm pretty happy with this. I'm planning to convert the login module
builder to this style, I think we can have something that looks much
more like the sun login module config, just written in xml, with
little bits to point out if we want our extensions such as principal
wrapping.
What would be awesome is to be able to register additional
ElementConverter with SchemaConversionUtils such that developers
working on their home grown substitution groups do not need to
change this class.
Forget this point... While trying to see how this could be done I
discovered that it is actually already done, by XmlBeansUtil...
Thanks for your review and your, as always, perceptive and
interesting comments!
david jencks
Thanks,
Gianny
Obvisously, I am sold :)
Thanks,
Gianny
David Jencks wrote:
I think my latest patch for pluggable jacc is plausible to
commit, see http://issues.apache.org/jira/browse/GERONIMO-1563?
page=all and be sure to apply only the v4 patches.
I realize this is a significant amount of work, so at this time
I'm not actually asking any PMC members to review this, but I
would greatly appreciate it if at least 3 could spend a couple
minutes estimating how long they think it would take them to
evaluate the patch and when they might be able to complete
evaluating it, as this will personally affect my plans for the
next few weeks.
I think all the committers and other contributors might find
this information useful in planning their development activities
for the next few months.
Many thanks,
david jencks
