[jira] Updated: (GERONIMO-841) Provide the ability to isolate applications

Thu, 16 Nov 2006 14:44:07 -0800 

     [ http://issues.apache.org/jira/browse/GERONIMO-841?page=all ]

Matt Hogstrom updated GERONIMO-841:
-----------------------------------

    Fix Version/s: Wish List
                       (was: 1.2)

> Provide the ability to isolate applications
> -------------------------------------------
>
>                 Key: GERONIMO-841
>                 URL: http://issues.apache.org/jira/browse/GERONIMO-841
>             Project: Geronimo
>          Issue Type: Improvement
>      Security Level: public(Regular issues) 
>          Components: deployment
>    Affects Versions: 1.0-M4
>            Reporter: Aaron Mulder
>             Fix For: Wish List
>
>
> It would be nice if it was possible to deploy applications that could not 
> "see" each other.  Meaning, cannot refer to connectors, EJBs, GBeans, etc. 
> deployed in a different application, unless that application is a parent in 
> the configuration hierarchy.  Currently this is true of the default 
> resolution strategies if incomplete mapping information is provided (for 
> example, if you don't specify an application, both the current app and no app 
> are searched but not other apps).  However, nothing prevents an application 
> from constructing a GBean Name pointing directly to a resource in a different 
> application.  And the "global JNDI names" of all EJBs/resources appears in 
> the same JNDI space, so it would need to segregated into 
> spaces-per-application and you'd need to specify an application in order to 
> connect.
> One reference resolution strategy would just be to pretend that nothing from 
> the other applications exists, so references would simply fail.  Another 
> option would be to apply security roles to GBeans and connectors and so on so 
> that the references always resolve but at runtime the user's role could be 
> checked to decide whether to grant access.  Of course, this would require the 
> two applications share a security realm or principal class or something.
> Ideally, in a hosting-type environment, you could safely deploy multiple 
> applications that should not be able to interfere with each other (outside of 
> claiming common URLs for web app contexts or web services).

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to