The new snapshot is available.  It's still a work in progress, so  
there are still many regression failures.  We're at the end of week 6  
of the 8-week release schedule for 3.1.5.

There are a bunch of important updates in the snapshot, together with  
bug fixes:

  * management password configuration
  * authenticator configuration update
  * new abstract class for custom authenticators
  * ejb/webbeans integration
  * jca/mdb activation-spec cleanup
  * remoting cleanup with driver API and CXF integration

The documetation for the security stuff will be at 

The remoting documentation will be at 

The wiki integration page for CXF is at

1) management update.

The new management section in the resin.conf looks like:

     <management path="admin">
       <user name="harry" password="MD5HASH=="/>
       <user ...

The password is a md5 digest, md5(user:password:resin).  It's used  
for both the admin interface and as a default authenticator if you  
don't define a separate <authenticator>

2) ejb/webbeans integration

The class enhancement for ejb and webbeans now uses the same code.   
This means any webbean can use any ejb annotation, like @RolesAllowed  
or @TransactionAttribute.  It also means EJBs can use the webbeans  
interception annotations.

The main purpose of the integration, though, is to use the same code  
so we get better test coverage.

3) authenticator configuration update

We've added a new option for authentication configuration, using a  
uri-based system to choose authenticators as an extension to the old  
class-based on.  The authenticators are registered in META-INF/ 
services with their own URI scheme, which can be used in an  
authenticator as follows:

   <authenticator uri="properties:password-digest=none">

The old class="..." still works, of course.

4) AbstractPasswordAuthenticator.

The security section has a new AbstractPasswordAuthenticator, which  
should make creating custom authenticators easier.  The only method  
you'll need to implement is:

   protected PasswordUser getUser(String userName);

5) jca/mdb

There's been a bunch of work on the jca/mdb integration (basically  
was missing before).  The
configuration looks like the following:

   <jms-message-bean class="qa.MyListener">
     <authentication-spec uri="activemq:">
       <init foo1="value1" foo2="value2"/>

(Assuming that the classname for the activemq ActivationSpec is  
registered in META-INF/services)

(The connection side configuration of jca is also getting revamped,  
but it's not quite ready yet.)

6) remoting cleanup

We've split the remoting protocols into a driver system.  The server  
end of the protocol extends  

   public Servlet createServlet(Class serviceApi, Object service)

The client end extends  

   public Object createProxy(Class api);

And you can add uri prefixes in META-INF/services to simplify the  
configuration.  Currently, we have "hessian:", "burlap:", "cxf:", and  

The server configuration is actually a servlet (this is actually a  
servlet-spec feature):

   <servlet-mapping url-pattern="/hello">
     <protocol uri="hessian:"/>

The remote configuration looks like:

   <remote-client interface="qa.Hello">

-- Scott

resin-interest mailing list

Reply via email to