The big change in the current JBoss security layer in terms of MBeans and interfaces is that the extension point for security needs to be based on the JACC apis as much as possible with any extensions we deem neccessary. Currently the contract is just the AuthenticationManager, RealmMapping.
You'll have to clarify the notion of association with the j2ee component modules.
-- xxxxxxxxxxxxxxxxxxxxxxxx Scott Stark Chief Technology Officer JBoss Group, LLC xxxxxxxxxxxxxxxxxxxxxxxx
Vesco Claudio wrote:
Hi alls!
Sorry for my english... :-)
I am also interested in working in the JACC area.
I propose this roadmap:
1) implementing the required javax.security.jacc.* classes/interfaces in j2ee module. this javax.security.jacc.* does not depend on jboss
2) implementing a MBean that manage jacc
3) [the dirty work] rewrite/restyle the jboss security system :-)
For point 3, I have in mind this proposal:
- we need j2sdk 1.4 then we can remove deprecated classes
- jaas authentication with javax.security.auth.conf.AppConfigurationEntry[] associated to single module (ejb, ejbjar, ear, web, sar etc) with default to parent module. in this way a ejb is self contained and we don't need to modify the global configuration
- jaas authorization associated to single module with merging to parent module (so we can run ejb/sar & co in a sandbox)
Claudio
------------------------------------------------------- This SF.Net email sponsored by: ApacheCon 2003, 16-19 November in Las Vegas. Learn firsthand the latest developments in Apache, PHP, Perl, XML, Java, MySQL, WebDAV, and more! http://www.apachecon.com/ _______________________________________________ JBoss-Development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development
