Matt Benson created OWB-1027:
--------------------------------
Summary: Use Apache Commons Weaver's privilizer module for
privileged action code in OWB
Key: OWB-1027
URL: https://issues.apache.org/jira/browse/OWB-1027
Project: OpenWebBeans
Issue Type: Task
Affects Versions: 1.5.0
Reporter: Matt Benson
See
[http://commons.apache.org/proper/commons-weaver/commons-weaver-modules-parent/commons-weaver-privilizer-parent/index.html];
this code was intended for helping Apache JEE components use the
{{SecurityManager}} in such a fashion as to make the invocation of privileged
actions as transparent as possible.
A concern is that to make full use of the privilizer module's potential, OWB's
{{SecurityService}} notion would IMO best be removed entirely to minimize the
surface area of publicly accessible code that makes privileged calls. Since
this interface and its implementations, as well as the {{deprecated
SecurityUtil}} class, are {{public}}, this constitutes a break in API
compatibility and forces the community to think about if, when, and how to
upgrade OWB to v2.x .
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
