You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomee.apache.org by David Blevins <da...@visi.com> on 2007/04/09 01:03:42 UTC
Re: Security
Heads up on a fairly sweeping change. For the longest time we've had
a securityIdentity field in our container invoke signature, i.e. this:
public interface RpcContainer extends Container {
public Object invoke(Object deployID, Method callMethod, Object
[] args, Object primKey, Object securityIdentity) throws
OpenEJBException;
}
With security now in and functional, it's clear that this is no
longer needed. To be clear it used to be needed, but since the
ThreadContextListener concept was added it's completely possible and
reasonable for a security service to track the security identity
(which is their object to begin with) all by themselves. We no
longer need it passed into the container anymore as the container
never did anything with it but pass it into the security service, now
it's just cruft.
So, going to yank it from the invoke signature. Rather going to add
a second invoke and deprecate the first. At some point when we can
make sure no one is using the old invoke signature, we can fully
remove it.
Anyway, heads up.
-David