Moved to design forum. I'm inclined to pursue approach 2).
In HEAD, I have generalized security config to not be Jaas dependent but to cater to both authentication as well as authorization information.
Given this, it boils down to one step:
In XMLLoginConfigImpl, when there is a request made for
public AppConfigurationEntry getAppConfigurationEntry(String appName)
you have the appName (which is the securityDomain), you just populate the options with a special keyword (maybe "jboss.security.domain"). This way, the user is not forced to add an option to his LM config. Now any LM that wants to obtain the security domain information, can do so by peeking into the options with this keyword (which can be equivalent to Util.SECURITY_DOMAIN)
I see a need for the following in security for the 4.0 codebase:
1) A security constants interface defining constants.
2) A Security utility class. (Util does it but it is for Jaas only).
Thanks guys for your replies. #2 it is then. Anil, my plan was to do exactly as you have advised. The only question remains then. What versions to do this update to? HEAD and Branch_4_0?
head and 4.0.