On Sep 24, 2007, at 3:03 PM, David Jencks wrote:
On Sep 20, 2007, at 8:56 AM, Anita Kulshreshtha wrote:
I am leaning towards deploying MEJB as an EJBModule. To auto
deploy
this I will be adding an mejb config. Are there any objections?
no :-)
I've been wondering if we should try to separate mejb security from
other security somehow and thought perhaps we should use a
GeronimoGroupPrincipal named mejb or mejb-admin. I think this
would make it easier to e.g. give someone access to the web console
but not the mejb or vice-versa. If we wanted to be even fancier we
could try mejb-read and mejb-write.
Would this improve modularity or just create more difficult
configuration?
I'm not sure about improving "modularity", but it seems useful. I'd
definitely advocate an mejb-specific group. Separation of read/write
selectivity seems less important and, I would assume, harder to do...
--kevan
