Major Description
The current "out of the box" security of Shale Remoting is better (in 1.0.4-SNAPSHOT) than it was in 1.0.3, but still needs to be improved:
- "Dynamic" processor should exclude by default all managed bean
names that are implicitly defined in the JSF spec, and have public
zero-args methods that might mess things up. (Example: executing
# {applicationScope.clear}would be bad.
- All processors should be enhanced to always obey their default
exclude lists, even if the user specifies additional exclude patterns.