[javaee-spec users] [jsr342-experts] Re: password aliasing proposal

From: Jim Knutson <>
Date: Mon, 13 Feb 2012 15:06:45 -0600

Bill Shannon <> wrote on 01/30/2012 04:49:19 PM:
> I've uploaded a proposal from our security team for password aliasing
> support in Java EE 7. Let me know if you have any comments.
> aliasing-ee7-proposal.pdf

I like the idea of aliases, but I'd rather see this abstracted to
credentials rather than just password. There's no guarantee that the
specified id is correct and usable for all deployments so it would be
better to tie the alias to both the id and password and have some dotted
notation to refer to each part of the alias if we have to.

The syntax of substitution is of less interest to me though care should be
taken when reusing existing substitution syntax. For example, there are
going to be cases out there where someone is already using ant style
substitution in a batch build environment and yet we need the id/pwd
substitution to occur in a controlled runtime envionrment. Reusing the ant
syntax may cause more frustration in trying to figure out how not to
substitute for some parts of the metadata.

Jim Knutson
WebSphere Java EE Architect