[
https://issues.apache.org/jira/browse/OWB-1027?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14208797#comment-14208797
]
Romain Manni-Bucau commented on OWB-1027:
-----------------------------------------
Ok this is clearer, thks.
Debug part is a blocker for me. Why doesnt it work? Or if it just adds 1 or 2
calls on the same line it is acceptable I guess.
I really liked the spi cause it allowed efficient and simple impl. Not sure if
we can find a way to have a kind of flag totally inhibiting it by default
without having the drawbacks you spoke about. Wdyt?
Side note: public API can be protected with a Permission so it can be public
and not exposed ;).
> Use Apache Commons Weaver's privilizer module for privileged action code in
> OWB
> -------------------------------------------------------------------------------
>
> Key: OWB-1027
> URL: https://issues.apache.org/jira/browse/OWB-1027
> Project: OpenWebBeans
> Issue Type: Task
> Affects Versions: 1.5.0
> Reporter: Matt Benson
>
> See
> [http://commons.apache.org/proper/commons-weaver/commons-weaver-modules-parent/commons-weaver-privilizer-parent/index.html];
> this code was intended for helping Apache JEE components use the
> {{SecurityManager}} in such a fashion as to make the invocation of privileged
> actions as transparent as possible.
> A concern is that to make full use of the privilizer module's potential,
> OWB's {{SecurityService}} notion would IMO best be removed entirely to
> minimize the surface area of publicly accessible code that makes privileged
> calls. Since this interface and its implementations, as well as the
> {{deprecated SecurityUtil}} class, are {{public}}, this constitutes a break
> in API compatibility and forces the community to think about if, when, and
> how to upgrade OWB to v2.x .
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
