https://bz.apache.org/bugzilla/show_bug.cgi?id=64712
--- Comment #5 from Christopher Schultz <ch...@christopherschultz.net> --- (In reply to Robert Rodewald from comment #4) > I suppose that's why the spec does not impose any restrictions on the > authType. Okay. I'm largely ignorant of the details of JASPIC and I'm trying to familiarize myself with it as much as possible. I believe markt has been the primary Tomcat committer working on JASPIC so far. Hopefully I'll finally be able to change that :) If the JASPIC provider can be "trusted" to pass-back a valid/meaningful autoType to the container, then I think it's perfectly reasonable to use that authType for later stages. My only concern is that Tomcat might be looking for authType=JASPIC for certain things. If that's the case we'll need something more complicated in Tomcat to track *both* the indicator that JASPIC is in-use and also what the "effective" authType is via the JASPIC provider (which may be some kind of meta-provider, as you suggest). -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
