Hi,
While working to support some new security configurations in Servlet 3.0
web deployment xml file, I realized that we might need to support dynamic
security configuration for web access control. As in Servlet 3.0, it is
allowed to configure the security constrait while initializing the web
modules using ServletRegistration.Dynamic interface. However, in the past,
all of the permissions are calculated in the deployment process. So now,
from my view, we might need to re-envaluate the security constraint
configurations from scratch. Currently, My initial mind is to create a
Geronimo servletcontext and servletregistration.dynamic impl based on
Tomcat's , and add all the new security configuration data to the xmlbean
object while users invoke setSerlvetSecurity methods, then we re-calculate
the permissions again.
Anyone has other better ideas ? Thanks !
--
Ivan
