[
https://issues.apache.org/jira/browse/OWB-1027?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14209417#comment-14209417
]
Romain Manni-Bucau commented on OWB-1027:
-----------------------------------------
About debug info generally doing it with asm we "generate":
{code}
// original
public void foo() {
bar();
}
// enhanced
public void foo() {
try{ bar(); } catch (Exception e) { ... }
}
{code}
so debugging you hit need few more "enter in the method" than usually but you
keep your code tracking more or less. This is far to be perfect but is usable
more or less while not everywhere in the code.
About "hidding" note: I like
http://svn.apache.org/repos/asf/openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/corespi/security/SimpleSecurityService.java
cause it is straight forward.
http://svn.apache.org/repos/asf/openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/corespi/security/ManagedSecurityService.java
has the default you mention but you should be able to generate a
ManagedSecurityService with private scope in SimpleSecurityService (surely
renamed OWBSecurityService then) and which would be called only if needed. Ie
by default no impact at all.
About my side note: yes or internal permission tracking or anything
(permissions are extensible).
> Use Apache Commons Weaver's privilizer module for privileged action code in
> OWB
> -------------------------------------------------------------------------------
>
> Key: OWB-1027
> URL: https://issues.apache.org/jira/browse/OWB-1027
> Project: OpenWebBeans
> Issue Type: Task
> Affects Versions: 1.5.0
> Reporter: Matt Benson
>
> See
> [http://commons.apache.org/proper/commons-weaver/commons-weaver-modules-parent/commons-weaver-privilizer-parent/index.html];
> this code was intended for helping Apache JEE components use the
> {{SecurityManager}} in such a fashion as to make the invocation of privileged
> actions as transparent as possible.
> A concern is that to make full use of the privilizer module's potential,
> OWB's {{SecurityService}} notion would IMO best be removed entirely to
> minimize the surface area of publicly accessible code that makes privileged
> calls. Since this interface and its implementations, as well as the
> {{deprecated SecurityUtil}} class, are {{public}}, this constitutes a break
> in API compatibility and forces the community to think about if, when, and
> how to upgrade OWB to v2.x .
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
