This class implements a {@code DeploymentUnitProcessor} that parses security permission files that might be included in application components.
The EE7 specification (section EE6.2.2.6) allows application components to specify required security permissions:
"Permission declarations must be stored in META-INF/permissions.xml file within an EJB, web, application client, or resource adapter archive in order for them to be located and processed. The permissions for a packaged library are the same as the permissions for the module. Thus, if a library is packaged in a .war file, it gets the permissions of the .war file.
For applications packaged in an .ear file, the declaration of permissions must be at .ear file level. This permission set is applied to all modules and libraries packaged within the .ear file or within its contained modules. Any permissions.xml files within such packaged modules are ignored, regardless of whether a permissions.xml file has been supplied for the .ear file itself."
As can be noted, the EE spec doesn't allow sub-deployments to override permissions set at the .ear level. We find it a bit too restrictive, so we introduced the META-INF/jboss-permissions.xml descriptor. It uses the same schema as the standard permissions.xml file but, unlike the latter, is always processed and the permissions contained in it override any permissions set by a parent deployment. If a deployment contains both permissions files, jboss-permissions.xml takes precedence over the standard permissions.xml.
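The precedence rules above, sketched as an added example (not code from this class or from the project). The `Unit` record, the `effective` method and the permission strings are hypothetical, and the sketch assumes that "override" means the jboss-permissions.xml set replaces the inherited set rather than being merged with it.

```java
import java.util.List;
import java.util.Set;

// Simplified model of the descriptor precedence described above.
// Hypothetical names; this is not the processor's implementation.
public class PermissionPrecedence {

    // One deployment unit: an .ear, or a module that may sit inside an .ear.
    // A null set means the corresponding descriptor is absent from the archive.
    record Unit(String name, Unit parent, Set<String> standard, Set<String> jboss) {}

    // Returns the permission set that applies to the unit under the rules above.
    static Set<String> effective(Unit u) {
        // jboss-permissions.xml is always processed and takes precedence over
        // both the unit's own permissions.xml and anything set by a parent.
        if (u.jboss() != null) return u.jboss();
        // Inside an .ear, the module's own permissions.xml is ignored; the
        // module gets whatever applies at the parent level.
        if (u.parent() != null) return effective(u.parent());
        // Top-level deployment: the standard permissions.xml, if present.
        return u.standard() != null ? u.standard() : Set.of();
    }

    public static void main(String[] args) {
        // Constructed sample data; the permission strings are illustrative only.
        Set<String> earStd = Set.of("java.util.PropertyPermission user.home read");
        Set<String> warStd = Set.of("java.io.FilePermission /tmp/- read,write");
        Set<String> warJboss = Set.of("java.io.FilePermission /tmp/app/- read");

        Unit ear = new Unit("app.ear", null, earStd, null);
        Unit warA = new Unit("a.war", ear, warStd, null);      // permissions.xml only
        Unit warB = new Unit("b.war", ear, warStd, warJboss);  // both descriptors
        Unit standalone = new Unit("c.war", null, warStd, warJboss);

        for (Unit u : List.of(ear, warA, warB, standalone)) {
            System.out.println(u.name() + " -> " + effective(u));
        }
    }
}
```

When reviewing a deployment, the case to look for is `b.war`: a sub-deployment that ships jboss-permissions.xml ends up with its own permission set instead of the one declared at the .ear level.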
@author Stefan Guilhen