https://issues.apache.org/bugzilla/show_bug.cgi?id=44918
--- Comment #5 from sean.mul...@sun.com 2009-06-23 06:57:41 PST --- (In reply to comment #4) > Sean, > > Yes, we always pass the custom config via > org.apache.xml.security.resource.config > property. The problem with this solution is the inability to specify different > configs for e.g. different webservices in the same Container/VM. Ok, but I believe that requires changes to support multiple configurations in the same VM. Right now, there is only one configuration per VM. So this patch doesn't solve that problem. > On the other hand I see your point with the security concern. > Perhaps we can add a custom Permission class to check against current active > SecurityManager/SecurityPolicy if we are allowed to set the config? Altough > I've never done this. > > What do you think? I think if you added a per-App/container configuration such that it wouldn't affect any other threads in the same VM then you may not need to protect it with a permission. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug.
