You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@openwebbeans.apache.org by "Romain Manni-Bucau (JIRA)" <ji...@apache.org> on 2014/11/08 00:00:35 UTC
[jira] [Commented] (OWB-1027) Use Apache Commons Weaver's
privilizer module for privileged action code in OWB
[ https://issues.apache.org/jira/browse/OWB-1027?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14202892#comment-14202892 ]
Romain Manni-Bucau commented on OWB-1027:
-----------------------------------------
-1, this is an API and each user can change it depending the need. This is a feature not an impl detail imho. Implementing it with privilizer is possible but shouldnt break any api nor add any dependency
> Use Apache Commons Weaver's privilizer module for privileged action code in OWB
> -------------------------------------------------------------------------------
>
> Key: OWB-1027
> URL: https://issues.apache.org/jira/browse/OWB-1027
> Project: OpenWebBeans
> Issue Type: Task
> Affects Versions: 1.5.0
> Reporter: Matt Benson
>
> See [http://commons.apache.org/proper/commons-weaver/commons-weaver-modules-parent/commons-weaver-privilizer-parent/index.html]; this code was intended for helping Apache JEE components use the {{SecurityManager}} in such a fashion as to make the invocation of privileged actions as transparent as possible.
> A concern is that to make full use of the privilizer module's potential, OWB's {{SecurityService}} notion would IMO best be removed entirely to minimize the surface area of publicly accessible code that makes privileged calls. Since this interface and its implementations, as well as the {{deprecated SecurityUtil}} class, are {{public}}, this constitutes a break in API compatibility and forces the community to think about if, when, and how to upgrade OWB to v2.x .
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)