jsr342-experts@javaee-spec.java.net

[jsr342-experts] Re: An example for configuration API

From: Werner Keil <werner.keil_at_gmail.com>
Date: Fri, 9 Sep 2011 14:18:14 +0200

It looks a bit specific at first sight, but one aspect brings up a good
point, that security also might play a role in some scenarios, especially
for multi-tenancy. Let's say, customer A has purchased a more extensive
service than customer B, then only A should have access to certain
resources.

Speaking of older things, the general mechanism of JCA (also a bit outdated
now and around for some time) to allow external files for overriding is also
worth exploring. To bundle otherwise lose XML and similar files into one
archive, probably one that may exist multiple times per tenant.
Any thoughts on how that might work?

Werner

On Fri, Sep 9, 2011 at 1:14 PM, Adam Bien <abien_at_adam-bien.com> wrote:

> Hi All,
>
> a partial example for configuration API already exists and is even already
> supported by all J2EE 1.4+ servers. The JSR-115 Java Authorization Container
> Contract (JACC) is a bit dated but actually a good example for a
> configuration API:
> http://download.oracle.com/javaee/1.4/api/javax/security/jacc/package-summary.html
>
> You can manipulate e.g. permissions:
> http://download.oracle.com/javaee/1.4/api/javax/security/jacc/PolicyConfiguration.htmlprogrammatically. We used JACC for building custom security plugins for app
> servers.
>
> We should extend JACC to all DD in Java EE. Then it would be possible to
> load the configuration from different sources and even override existing
> application settings,
>
> Any thoughts?
>
> adam
>
>


-- 
 Werner Keil | UOMo Lead | Eclipse.org
 Twitter @wernerkeil | Skype: werner.keil | www.eclipse.org/uomo |
#EclipseUOMo
* JavaOne: October 2-6 2011, San Francisco, USA. Werner Keil, Agile Coach,
UOMo Lead will co-present "JSR 321: Trusted Java API"