You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomee.apache.org by David Blevins <da...@visi.com> on 2007/04/09 01:03:42 UTC

Re: Security

Heads up on a fairly sweeping change.  For the longest time we've had  
a securityIdentity field in our container invoke signature, i.e. this:

public interface RpcContainer extends Container {

     public Object invoke(Object deployID, Method callMethod, Object  
[] args, Object primKey, Object securityIdentity) throws  
OpenEJBException;
}


With security now in and functional, it's clear that this is no  
longer needed.  To be clear it used to be needed, but since the  
ThreadContextListener concept was added it's completely possible and  
reasonable for a security service to track the security identity  
(which is their object to begin with) all by themselves.  We no  
longer need it passed into the container anymore as the container  
never did anything with it but pass it into the security service, now  
it's just cruft.

So, going to yank it from the invoke signature.   Rather going to add  
a second invoke and deprecate the first.  At some point when we can  
make sure no one is using the old invoke signature, we can fully  
remove it.

Anyway, heads up.

-David