[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [equinox-dev] [sec] questions about EE for security


I think the right approach is to set your bundle's EE to reflect the EE dependencies of *your* bundle, and not the bundles you depend on. I.e., if your bundle doesn't directly depend on 1.4, you could still specify an EE of Foundation 1.1 for your bundle.  If it turns out that the JAAS bundle requires 1.4, then your bundle will transitively fail to resolve anyway. That way you're not building assumptions into your bundle about the EE of downstream bundles that may change in the future.

John



Scott Lewis <slewis@xxxxxxxxxxxxx>
Sent by: equinox-dev-bounces@xxxxxxxxxxx

10/31/2007 05:53 PM

Please respond to
Equinox development mailing list <equinox-dev@xxxxxxxxxxx>

To
Equinox development mailing list <equinox-dev@xxxxxxxxxxx>
cc
Subject
[equinox-dev] [sec] questions about EE for security





Hi Folks,

Some questions:  I thought I understood (from Equinox Summit) that the
recently approved minimum EE for Equinox 3.4 (Ganymede) was CDC
1.1/Foundation 1.1.

I see from looking at the equinox JAAS integration bundles (e.g.
org.eclipse.equinox.security.auth) that the runtime environment minimum
for those bundles is set to JRE 1.4.  I understand this, as the JAAS
work depends upon packages like javax.security.auth, and
javax.security.auth.login, etc.  which do not seem to be in CDC
1.1/Foundation 1.1.

So maybe I just answered my own question:  it seems that the JAAS
security bundles/plugins must assume JRE 1.4 (and can't/won't run on CDC
1.1/Foundation 1.1).  So the implicit (to me anyway) idea here is that
bundles that use/extend/depend upon the JAAS security integration also
obviously must assume JRE 1.4 and not just CDC 1.1.  Correct?

Scott


_______________________________________________
equinox-dev mailing list
equinox-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/equinox-dev