Security Issues

[Olivier Brand <ol...@intraware.com>]

In the 2.1 documentation, there are links to Authoring services but
those are empty.

I do have 3 different questions I need to address:

- When using the rpcrouter (for example) in an application, how to
prevent this application to deploy/undeploy (or even list) the services
on the SOAP server ?
Is there a mechanism or a hook in the architecture preventing people to
use specific services (the one to manage the server for example) ?

- This question is related to the previous one: Where is the best place
to add a hook to add extra security (like ACL) on the SOAP server ? Is
it at the provider level in the locate() method ?

- Is there any ConfigManager out there implementing an EJB service
(entity bean) ? That might be a requirement for a clustered environment.

Olivier