Re: [RTC] pluggable jacc
Hi, I had a look to the patch and I think that it will take me about one night to review it. As I will be on holidays this Friday, only 2 nights left, and away from any computer for 3 weeks, I am happy to vote now if need be. I do have a couple of questions, more for my education than anything else: * why is the root security element used as a placeholder for group substitution in the geronimo-application schema? I would have thought that this placeholder would be better in the geronimo-security schema where the out-of-the-box/Geronimo substitution group is defined; and * I think that SecurityBuilder should have a way to modify the Environment of a Web-app module and, hence, that an additional method should be added to do that during the createModule phase. Otherwise, I am not sure how additional parent modules or specific dependencies can be added to a Web-app module such that the GBeans added by the builder can run. Also, it is worth to underline that the definition of a substitutable service element, which is currently replaceable by a gbean element seems to be a very flexible configuration mechanism. What would be awesome is to be able to register additional ElementConverter with SchemaConversionUtils such that developers working on their home grown substitution groups do not need to change this class. Obvisously, I am sold :) Thanks, Gianny David Jencks wrote: I think my latest patch for pluggable jacc is plausible to commit, see http://issues.apache.org/jira/browse/GERONIMO-1563?page=all and be sure to apply only the v4 patches. I realize this is a significant amount of work, so at this time I'm not actually asking any PMC members to review this, but I would greatly appreciate it if at least 3 could spend a couple minutes estimating how long they think it would take them to evaluate the patch and when they might be able to complete evaluating it, as this will personally affect my plans for the next few weeks. I think all the committers and other contributors might find this information useful in planning their development activities for the next few months. Many thanks, david jencks
Re: [RTC] pluggable jacc
Gianny Damour wrote: Hi, I had a look to the patch and I think that it will take me about one night to review it. As I will be on holidays this Friday, only 2 nights left, and away from any computer for 3 weeks, I am happy to vote now if need be. I do have a couple of questions, more for my education than anything else: * why is the root security element used as a placeholder for group substitution in the geronimo-application schema? I would have thought that this placeholder would be better in the geronimo-security schema where the out-of-the-box/Geronimo substitution group is defined; and * I think that SecurityBuilder should have a way to modify the Environment of a Web-app module and, hence, that an additional method should be added to do that during the createModule phase. Otherwise, I am not sure how additional parent modules or specific dependencies can be added to a Web-app module such that the GBeans added by the builder can run. Also, it is worth to underline that the definition of a substitutable service element, which is currently replaceable by a gbean element seems to be a very flexible configuration mechanism. What would be awesome is to be able to register additional ElementConverter with SchemaConversionUtils such that developers working on their home grown substitution groups do not need to change this class. Forget this point... While trying to see how this could be done I discovered that it is actually already done, by XmlBeansUtil... Thanks, Gianny Obvisously, I am sold :) Thanks, Gianny David Jencks wrote: I think my latest patch for pluggable jacc is plausible to commit, see http://issues.apache.org/jira/browse/GERONIMO-1563?page=all and be sure to apply only the v4 patches. I realize this is a significant amount of work, so at this time I'm not actually asking any PMC members to review this, but I would greatly appreciate it if at least 3 could spend a couple minutes estimating how long they think it would take them to evaluate the patch and when they might be able to complete evaluating it, as this will personally affect my plans for the next few weeks. I think all the committers and other contributors might find this information useful in planning their development activities for the next few months. Many thanks, david jencks
Re: [RTC] pluggable jacc
On Jul 4, 2006, at 7:03 AM, Gianny Damour wrote: Gianny Damour wrote: Hi, I had a look to the patch and I think that it will take me about one night to review it. As I will be on holidays this Friday, only 2 nights left, and away from any computer for 3 weeks, I am happy to vote now if need be. I do have a couple of questions, more for my education than anything else: * why is the root security element used as a placeholder for group substitution in the geronimo-application schema? I would have thought that this placeholder would be better in the geronimo- security schema where the out-of-the-box/Geronimo substitution group is defined; That would work too. I was thinking that security only applies to j2ee artifacts and that someone might want to run without the geronimo security-builder module in their system. This might be unrealistic since the client deployer and openejb deployer both have hardcoded use of the geronimo security builder (to build default principals), but it ought to work for web apps. For the analogous case of services/gbeans, I thought that there was no likelyhood of anyone trying to run without the gbean builder :-) My arm could be twisted on that however :-). and * I think that SecurityBuilder should have a way to modify the Environment of a Web-app module and, hence, that an additional method should be added to do that during the createModule phase. Otherwise, I am not sure how additional parent modules or specific dependencies can be added to a Web-app module such that the GBeans added by the builder can run. At the moment I think you'd have to include the necessary jars as explicit dependencies. I agree that this functionality is needed. It's also needed for the web services builder. I was hoping to get this much committed and then consider how many of the builder concepts we have can be unified into namespace driven builders: I'm hoping at least the web services builder can be. Also, it is worth to underline that the definition of a substitutable service element, which is currently replaceable by a gbean element seems to be a very flexible configuration mechanism. I'm pretty happy with this. I'm planning to convert the login module builder to this style, I think we can have something that looks much more like the sun login module config, just written in xml, with little bits to point out if we want our extensions such as principal wrapping. What would be awesome is to be able to register additional ElementConverter with SchemaConversionUtils such that developers working on their home grown substitution groups do not need to change this class. Forget this point... While trying to see how this could be done I discovered that it is actually already done, by XmlBeansUtil... Thanks for your review and your, as always, perceptive and interesting comments! david jencks Thanks, Gianny Obvisously, I am sold :) Thanks, Gianny David Jencks wrote: I think my latest patch for pluggable jacc is plausible to commit, see http://issues.apache.org/jira/browse/GERONIMO-1563? page=all and be sure to apply only the v4 patches. I realize this is a significant amount of work, so at this time I'm not actually asking any PMC members to review this, but I would greatly appreciate it if at least 3 could spend a couple minutes estimating how long they think it would take them to evaluate the patch and when they might be able to complete evaluating it, as this will personally affect my plans for the next few weeks. I think all the committers and other contributors might find this information useful in planning their development activities for the next few months. Many thanks, david jencks
[RTC] pluggable jacc
I think my latest patch for pluggable jacc is plausible to commit, see http://issues.apache.org/jira/browse/GERONIMO-1563?page=all and be sure to apply only the v4 patches. I realize this is a significant amount of work, so at this time I'm not actually asking any PMC members to review this, but I would greatly appreciate it if at least 3 could spend a couple minutes estimating how long they think it would take them to evaluate the patch and when they might be able to complete evaluating it, as this will personally affect my plans for the next few weeks. I think all the committers and other contributors might find this information useful in planning their development activities for the next few months. Many thanks, david jencks