Hi, On Fri, Oct 16, 2015 at 12:56 PM, Jess Holle [via Tomcat] <ml-node+s10n5040848...@n6.nabble.com> wrote: > My understanding with JASPIC is that one should be able to add > authentication mechanisms that (1) use the same code across any > container that supports JASPIC [as Mark notes] and (2) still use > standard security constraints in one's web.xml to configure > authentication constraints.
Those are indeed the main reasons for JASPIC. JASPIC authentication modules should be fully equivalent to any of the build-in authentication mechanisms like FORM, BASIC, etc in terms of what they can do and how they are treated by the container. This specifically means they fully integrate with any of the existing security mechanisms, such as constraints in web.xml. An other advantage of JASPIC is that the same authentication module can be either installed at the container, shipped with the application, or deployed separately (via its own war). Furthermore, the Security EG (JSR 375) is looking at building higher level functionality that uses the JASPIC APIs as a base, so this may possibly increase the demand for JASPIC in the future. Kind regards, Arjan Tijms > > -- > Jess Holle > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [hidden email] > For additional commands, e-mail: [hidden email] > > > > ________________________________ > If you reply to this email, your message will be added to the discussion > below: > http://tomcat.10.x6.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-Tomcat-7-0-x-tp4993387p5040848.html > To unsubscribe from Consider support for the Servlet profile of JSR 196 > (JASPIC) in Tomcat 7.0.x, click here. > NAML -- View this message in context: http://tomcat.10.x6.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-Tomcat-7-0-x-tp4993387p5040852.html Sent from the Tomcat - Dev mailing list archive at Nabble.com.
