I was thinking the same thing that you were, EJBSecurityInterceptor should be moved to OpenEJB. I think that we should avoid bringing in OpenEJB interfaces back into Geronimo, if we can help it.
I am entertaining the idea that containers can provide their own pluggable PolcyContextFactories. Theses PolicyContexts would be highly optimized for their containers, e.g. OpenEJB PolcyContexts would use bitvecs for their permission checks. I've been holding off on this while our discussions, Jan and I, progress. I'm kind of thinking that there may be a way to use this pluggable PolcyContextFactory to satisfy Jan's concerns about dynamic roles. Regards, Alan -----Original Message----- From: Jeremy Boynes Sent: Mon 12/1/2003 11:18 AM To: [EMAIL PROTECTED] Cc: Subject: Re: Interceptors Alan D. Cabrera wrote: > It seems that there have been some substantial changes in this area. > What are the plans on completing this work? What do I need to do to > upgrade my interceptors? > > > Regards, > Alan > Alan - apologies, I made the changes to the security interceptor and meant to finish, then got cut off from my computer. The reason this proved more complex than the other interceptors is that it mixes Geronimo code with EJB specific functionality from OpenEJB. This needs a careful choice of which interfaces should be defined by Geronimo and which by OpenEJB. My current thinking is that EJBSecurityInterceptor should be moved to OpenEJB, leaving the security implementation in Geronimo but placing the hook for EJBs in OpenEJB. The alternative would be to bring interfaces like EJBInvocation, EJBInstanceContext and TransactionContext into Geronimo. The downside to this though is that some of these are specific to the OpenEJB implementation and are not suitably generic. Thoughts? -- Jeremy
<<winmail.dat>>
