users@javaee-security-spec.java.net

[javaee-security-spec users] [jsr375-experts] Re: Re: Comments on Current Spec Content (take 3)

From: Brian Demers <brian.demers_at_gmail.com>
Date: Tue, 21 Feb 2017 10:09:28 -0500

>
> 2.7 Built-in Identity Store Beans
>>
>> - Embedded -- annotation only? No support for deploying a file or
>> other mechanism? Safety of embedding passwords in file or in code
>> (annotation)?
>>
>>
> Good points! For the moment it's annotation only, but files are indeed
> very common (I put some examples of those here:
> https://dzone.com/refcardz/getting-started-java-ee).
>
> It should indeed be made abundantly clear that the annotation is intended
> for testing / demo purposes, and not normally suited for production usage.
>
>
> Agreed.
>

I disagree. I think these should be removed; anything that can be used will
be used. This would force other implementations to _support_ these
annotations, which seems superficial (only used for demos), and a bad
idea. I personally think that if this annotation is to be kept at all, it
should be moved into a different package (org.glassfish.soteria).

Embedding passwords in code like this (which I'm sure would be posted in
blogs and forums) will shine a bad light onto this effort, and the results
will be negative, and thus hurt adoption.