Hi Adrian, thanks for looking at this and I agree with the general approach you suggests; however it would be great if the new design would simplify the integration with Apache Shiro: http://shiro.apache.org
I see a good fit with OFBiz that could simplify and reduce lot of our code. Jacopo On Oct 8, 2013, at 6:11 PM, Adrian Crum <[email protected]> wrote: > An OFBiz user can replace the default org.ofbiz.security.Security > implementation with their own by changing some configuration files. From my > perspective, those configuration changes are overly complicated. > > In the current implementation, security.xml contains a list of > org.ofbiz.security.Security implementation class names, and > security.properties (security.context property) selects an implementation > from the list. If an OFBiz user wanted to replace the default > org.ofbiz.security.Security implementation with their own, they would have to > modify both files. > > So, it looks like the original intent was to have OFBiz support multiple > Security implementations that can be selected via a property. I'm not > convinced that we need this level of complexity. > > At the least we could reduce implementation selection down to a single > property (the implementation class name) and eliminate the XML file. > > My preference would be to use Java's ServiceLoader to locate an > implementation without the need to change any properties. This is the design > we use currently for other "pluggable" things. So, OFBiz would try to locate > a Security implementation via Java's ServiceLoader, and if one isn't found it > uses the default implementation. > > What do you think? > > -- > Adrian Crum > Sandglass Software > www.sandglass-software.com
