> -----Original Message----- > From: David Jencks [mailto:[EMAIL PROTECTED] > Sent: Friday, November 19, 2004 7:50 PM > > I think there is a conceptual problem with the current auto-mapping > security code. > > This should be done at deployment time (soon it will even be possible > for web apps). > > However, the realms needed are going to be part of the server > configuration, not the ("static") deployment configuration. Therefore > they may or may not be started at deployment time. It looks to me as > if the automapping requires the realm to be running in order to get the > default principal and set of principal classes. > > So far I don't see a good solution to this problem. Ideas?
Here are my feelings: - The roles should be auto mapped at deployment time. The auto generated role mappings are frozen at deployment time; this keeps things tractable. - The auto mappers should be divorced from the security realms. - We need to add live mapping mechanisms to our JAAC policy configurations but, this is a separate paradigm from auto mapping. Regards, Alan
