Hi,
On 12/03/2012 10:53 PM, Sivakumar Thyagarajan wrote:
> Could we require application servers to support the specification (and
> resolution) of Password aliases in all Configuration Properties of a
> JavaBean that are marked as confidential, and the standard "Password"
> Configuration Property?
>
> *Impact*
> With this change, while a value for a configuration property for a
> JavaBean such as Resource Adapter, MCF or ActivationSpec is specified
> by a user, the user could use a password alias. The application server
> is required to resolve this alias and pass the resolved plain-text
> password to the resource adapter.
>
> *Spec Impact*
> Section 5.3.7.6: Add the following lines: "A Password alias may be used
> while configuring confidential properties. The application server is
> responsible for resolving the alias and passing the clear text password
> to the JavaBean. For more details on the Password Alias feature and its
> format, see Section EE.3.7 "Password Aliasing and Management" of the
> Java EE 7 platform specification."
>
> Section 20.5.4: Add the following lines: "The application server must
> support the specification of password aliases in the Password standard
> Property. For more details on the Password Alias feature and its
> format, see Section EE.3.7 "Password Aliasing and Management" of the
> Java EE 7 platform specification"
>
I agree with this change.
However, you can't make it a mandatory requirement, since existing
certified implementations doesn't support this feature.
So change "must" to "may".
File an issue for JCA.next to make it mandatory and adding a TCK test
for the functionality. In JCA.next the standalone environment definition
would need an update to make this feature optional ("may"), since it
isn't tied to the EE spec.
Best regards,
Jesper