On 10/02/2015 18:42, Arjan Tijms wrote: > Hi, > > On Tuesday, February 10, 2015, Fjodor Vershinin [via Tomcat] < > ml-node+s10n5029627...@n6.nabble.com> wrote: > >> Hello! >> I am CS student and it looks like that this task is quite interesting. I >> would take it for GSOC if ASF organization will be selected. Currently I >> have some time to do research in Tomcat codebase. Could you provide me some >> entry points? > > > Thanks for your interest in this. An entry point could be my original > JASPIC article that you can find here; > http://arjan-tijms.omnifaces.org/2012/11/implementing-container-authentication.html > > At the end of the article you'll find a list of resources. > > My approach would be to investigate how Tomcat integrates authentication > modules, eg look at the source of the JAAS support in Tomcat; that code has > to do similar integration. You can look at JBoss 7.x for an example too, it > used Tomcat and an integration Valve (WebJaspiAuthenticator seehttp:// > grepcode.com/file/repository.jboss.org/nexus/content/repositories/releases/org.jboss.as/jboss-as-web/7.1.1.Final/org/jboss/as/web/security/jaspi/WebJASPIAuthenticator.java
If you do look at JBoss keep in mind it is GPL licensed and we need to be very careful that we don't end up with GPL'd code in Tomcat. > ) > > Geronimo also implemented JASPIC and used Tomcat, so that implementation > would be high on the list to study too. Personally, I'd look more much more closely at Geronimo. Keep in mind that part of the goal is to replace the existing authenticators with JASPIC modules. (As suggested on the Servlet EG list.) > Many implementations have a (large) part of their code dedicated to > handling some xml file where jaspic auth modules are defined. Strictly > speaking this is not a required part of JASPIC, but it's somewhat expected > for configuring modules at the container side (as apposed to from within > the app archive). Tomcat already has a lot of the infrastructure for handling this sort of thing. It could be as simple as adding a few digester rules. > I did actually more or less promise to do this implementation myself, but > so far havent found the time for it. I think we all know that feeling - hence why I suggested it for GSoC. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
