Alan D. Cabrera wrote:
What are the goals for the default configuration? I had always thought that it was a simple example of how the server could work.
The default configuration is the primary one that gets certified and so needs to support all the J2EE functions. One of those is deployment (JSR88) so we need a secure way for a deployer to connect to the server and do things like start/stop applications and distribute new ones.
I set up a properties realm with a user "system" so that the deployer could authenticate and this is what I was referring to as default - this is not particularly secure and I would prefer to have a more robust solution (say with encrypted passwords ;-) ) but it works for now.
Any ideas/feedback from users on what they would like to see here would be appreciated.
-- Jeremy
