2015-10-16 13:25 GMT+02:00 Arjan Tijms <arjan.ti...@gmail.com>: > Hi, > > Those are indeed the main reasons for JASPIC. JASPIC authentication > modules should be fully equivalent to any of the build-in > authentication mechanisms like FORM, BASIC, etc in terms of what they > can do and how they are treated by the container. > > This specifically means they fully integrate with any of the existing > security mechanisms, such as constraints in web.xml. > > An other advantage of JASPIC is that the same authentication module > can be either installed at the container, shipped with the > application, or deployed separately (via its own war). > > Furthermore, the Security EG (JSR 375) is looking at building higher > level functionality that uses the JASPIC APIs as a base, so this may > possibly increase the demand for JASPIC in the future. > > I still think it is far preferable at the moment to implement 4 or 5 proprietary auth "modules" that will behave predictably than try to use this standard API that is far more complex and has behavior differences on each server. Of course it would be better if this was not the case.
Rémy
