The SecurityDeployer should have the server default. We also need to start integrating the metadata repository api to allow for the SecurityDeployer to pickup a default from a higher level. The unified metadata and repository integration is something I'll start on next week.
Ok. For now, I will just bask in the following glory that had eluded our test suite for sometime, wrt timers.
asaldhana~/jboss-5.0/jboss-head/testsuite> ant -Dtest=org.jboss.test.timer.test .SecureTimerUnitTestCase one-test Buildfile: build.xml Overriding previous definition of reference to jboss.test.classpath one-test: [junit] Running org.jboss.test.timer.test.SecureTimerUnitTestCase [junit] Tests run: 5, Failures: 0, Errors: 0, Time elapsed: 59.406 sec BUILD SUCCESSFUL Total time: 1 minute 2 seconds
Is anybody looking at the messaging stuff in trunk test suite?
Will we keep the function as specified in http://docs.jboss.org/jbossas/jboss4guide/r5/html/ch8.chapter.html#ch8.declarativesecurity2.sect where I can just put in an unauthenticated principal in the deployment?
See also http://jira.jboss.com/jira/browse/EJBTHREE-973
Another question then is what if the caller supplies a principal, but there is no realm to validate against? I say a warning at least.
Scott, there is a null for the unauthenticatedprincipal from the application meta data.
There is a pending issue for the unauthIdentity to be placed in the SecurityDeployer as per JIRA -
The old metadata was doing a jmx call to the security manager to pickup a DefaultUnauthenticatedPrincipal setting. This needs to be moved into the parsing deployer layer.