Hi, just commited another step, can you review it Andy please? I propagated ProtocolMetaData to check it. I updated it to 4.6 (to match the openejb version where it was introduced). The version field was more related to a single object IMO and here we allow a protocol update that's why i decided to go this way (we can still change it).
It shouldn't be a security issue since 1) before it was not, 2) the authenticationInfo are mainly here to set a security context (permissions). If we only expect login as security it can be an issue but it was really not the idea of login-with-request feature. wdyt? *Romain Manni-Bucau* *Twitter: @rmannibucau <https://twitter.com/rmannibucau>* *Blog: **http://rmannibucau.wordpress.com/*<http://rmannibucau.wordpress.com/> *LinkedIn: **http://fr.linkedin.com/in/rmannibucau* *Github: https://github.com/rmannibucau* 2013/8/6 Romain Manni-Bucau <[email protected]> > if we can just update the protocol meta data it is the best solution we > have. > > *Romain Manni-Bucau* > *Twitter: @rmannibucau <https://twitter.com/rmannibucau>* > *Blog: **http://rmannibucau.wordpress.com/*<http://rmannibucau.wordpress.com/> > *LinkedIn: **http://fr.linkedin.com/in/rmannibucau* > *Github: https://github.com/rmannibucau* > > > > 2013/8/6 AndyG <[email protected]> > >> I've been trying something similar, and a new request code is probably the >> best option. The only issue is as you state - Could this be a hole into >> the >> new server? >> >> A solution to that could be to add a server option, something like - >> AllowOldClients = false. >> >> Another option that I was looking at was the impact of changing the >> ProtocolMetaData OEJB version to 3.2 - This would give us the 'minor' >> version to query early in the request? >> >> >> >> -- >> View this message in context: >> http://openejb.979440.n4.nabble.com/EJBD-tp4664447p4664536.html >> Sent from the OpenEJB Dev mailing list archive at Nabble.com. >> > >
