Bill Shannon wrote:
> Ashish Sahni wrote:
>>> Is it possible to limit the codebase that needs these permissions to
>>> some jruby code that gets used by the application, or must the whole
>>> application have these permissions?
>> It is possible to limit the permissions to a set of jruby libs.
>> However, as of now there is a mode wherein the jruby libs would be a
>> part of
>> the WAR (as opposed to being present at a static location)
>
> "A mode", meaning there are other modes as well? What are they?
>
> Seems like we ought to have a way that these security permissions
> could be included in the JRuby package (e.g., in the war file) and
> GlassFish would automatically configure these permissions for the
> war file at deployment time.
>
> Similarly, if I can deploy the JRuby engine separately, and then
> later deploy applications that make use of it, it would be nice if
> there were a way to specify the security permission requirements in
> that mode as well.
>
> And I'm sure things besides JRuby could take advantage of this.
For what it's worth, if there's a way to accomplish what we're doing
with BC (whatever it is) without registering it as a provider, we're
fine making that change. The developer who introduced the BC dependency
may just not have known another way.
Of course I'm completely in the dark when it comes to security providers
and how they all fit together. But I wanted it to be known that if we
don't need to be doing this, we'll change it. So feel free to educate us
on appropriate security provider usage...
- Charlie