Re: JSR311: Servlet spec changes for security and JSR311

From: Bill Burke <>
Date: Wed, 02 Apr 2008 09:04:29 -0400

*You* may not want it, but many will, particularly Admins. They won't
want to look at 500 .java files to determine the security model.
Assigning permissions to URLs is something they understand.

Stephan Koops wrote:
> Hi Bill,
>> Finally, security is one of those cross cutting concerns that a lot of
>> users want statically declared in XML. Although a neat feature,
>> dynamic sublocators are a pretty fringe, esoteric use case that 99% of
>> users won't want or need.
> I don't like it to have here my code and at another point (XML file) the
> security declaration. IMO this is only useful if their are a *very*
> little number of global declarations. If I need it differentiated for
> multiple artifacts, than I hate it to have this separated, because this
> concepts tend to forget the change in the xml file.
> Stephan
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

Bill Burke
JBoss, a division of Red Hat