On 10/06/2015 14:04, Arjan Tijms wrote:

>> We are implementing JASPIC 1.1, and there will be quite a
>> lot of changes anyway.
> 
> 
> JASPIC 1.1 itself was not a huge change over JASPIC 1.0, but it did put
> some extra requirements in place like the ability to forward and include
> resources using the HttpServletRequest and HttpServletResponse that's made
> available to a SAM.
> 
> If a Tomcat valve can already do forwards/includes correctly, then this is
> trivial to support (no extra code needed). However, IFF Tomcat would not
> support those, then some extra coding inside Tomcat's internals *may* be
> needed (but Mark would know more about how to forward then).

I don't really understand what the requirement is here. Can you expand /
point me to the part of the spec?

> Not necessarily. JASPIC is first and foremost configured using a
> programmatic API from within the application. See
> http://arjan-tijms.omnifaces.org/2012/11/implementing-container-authentication.html

Interesting.

> Optionally (but highly recommended!) a JASPIC authentication module can be
> registered at the container level using a vendor specific mechanism. If I'm
> not mistaken Mark made some remarks about this earlier. Tomcat already has
> some dedicated configuration files for this.

My expectation is that all of Tomcat's existing authentication
mechanisms would be made available at the container level (BASIC,
DIGEST, FORM, CLIENT-CERT, SPNEGO).

It should be a small step from there to replacing Tomcat's current
authenticators with the appropriate JASPIC config.

> My take is that for step 1 it's best to focus on the programmatic
> installation of an authentication module (and wrapper artifacts) first, and
> make sure the most simple authentication case works (which means just
> passing the username/roles to the container and doing nothing else).
> 
> Then look at the container side registration later.

Sounds good. Thanks for the tip.

Cheers,

mark
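
The "most simple authentication case" discussed above (passing a username and roles to the container and doing nothing else), as an added example that is not part of the original thread or of Tomcat's code. It assumes the JASPIC 1.1 `javax.security.auth.message` API; the class name, user name and role are constructed placeholders, and the `AuthConfigProvider`/`ServerAuthConfig`/`ServerAuthContext` wrappers needed for programmatic registration are omitted.

```java
import java.io.IOException;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.message.*;
import javax.security.auth.message.callback.CallerPrincipalCallback;
import javax.security.auth.message.callback.GroupPrincipalCallback;
import javax.security.auth.message.module.ServerAuthModule;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical test fixture: it checks no credentials, so it is for container testing only.
public class FixedIdentitySam implements ServerAuthModule {
    private CallbackHandler handler;

    @Override
    public void initialize(MessagePolicy req, MessagePolicy resp, CallbackHandler handler, Map options) {
        this.handler = handler; // supplied by the container; the only channel back to it
    }

    @Override
    public Class[] getSupportedMessageTypes() {
        return new Class[] { HttpServletRequest.class, HttpServletResponse.class };
    }

    @Override
    public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject,
                                      Subject serviceSubject) throws AuthException {
        Callback[] callbacks = {
            new CallerPrincipalCallback(clientSubject, "test-user"),                 // constructed name
            new GroupPrincipalCallback(clientSubject, new String[] { "test-role" })  // constructed role
        };
        try {
            handler.handle(callbacks); // the container turns these into its own Principal and roles
        } catch (IOException | UnsupportedCallbackException e) {
            throw (AuthException) new AuthException(e.getMessage()).initCause(e);
        }
        return AuthStatus.SUCCESS;
    }
    @Override
    public AuthStatus secureResponse(MessageInfo messageInfo, Subject serviceSubject) {
        return AuthStatus.SEND_SUCCESS; // nothing to add to the response
    }
    @Override
    public void cleanSubject(MessageInfo messageInfo, Subject subject) {
        if (subject != null) subject.getPrincipals().clear(); // logout: drop the caller's principals
    }
}
```

A module that performs real authentication verifies the caller's credentials before issuing the two callbacks and returns a failure status otherwise.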
