Mark,
On 4/26/21 12:17, Mark Thomas wrote:
In reviewing references to Java EE (and J2EE) remaining in the Tomcat 10
repo I found the following:
JAASRealm is prototype for Tomcat of the JAAS-based J2EE authentication
framework for J2EE v1.4, based on the href="https://www.jcp.org/en/jsr/detail
Thinking out loud: can't it become a jaspic jaas impl delivered on central
(this point is crucial), can be tomcat-jaas or so but not bundled by
default in the distribution?
Jaspic enables to do from the app so it becomes an option it seems which
enables the use case so limit a lot the required "glu
Le lun. 26 avr. 2021 à 20:48, Mark Thomas a écrit :
> On 26/04/2021 18:49, Jean-Louis MONTEIRO wrote:
> > JAAS, JASPIC and Jakarta Security are all different.
>
> My mistake. I knew JASPIC had a slightly bigger rename than most specs
> and incorrectly thought it became Jakarta Security. It actual
On 26/04/2021 18:49, Jean-Louis MONTEIRO wrote:
JAAS, JASPIC and Jakarta Security are all different.
My mistake. I knew JASPIC had a slightly bigger rename than most specs
and incorrectly thought it became Jakarta Security. It actually became
Jakarta Authentication. All previous references fr
JAAS, JASPIC and Jakarta Security are all different.
Tomcat does not implement Jakarta Security so removing JAAS creates a gap
in my opinion.
I'd second Romain, JASPIC requires a SAM to be implemented by the
application.
Long story short, I'd probably deprecate for 10.x and target a removal for
1
Le lun. 26 avr. 2021 à 18:57, Mark Thomas a écrit :
> On 26/04/2021 17:38, Romain Manni-Bucau wrote:
> > JAASRealm is quite commonly used whereas JASPIC is almost never used
>
> References?
>
Sadly not public but all project not using a custom valve/auth where using
jaas and some good part of it
On 26/04/2021 17:38, Romain Manni-Bucau wrote:
JAASRealm is quite commonly used whereas JASPIC is almost never used
References?
In my trawl of the Tomcat archives those using the JAAS realm appeared
to have better solutions available whereas those using JASPIC were doing
so for the "right" r
JAASRealm is quite commonly used whereas JASPIC is almost never used (and
not even speaking of Jakarta Security which has no link with two previous
ones).
Main difference is the fact JAAS is in the JVM (with some impl like OS one
which is not always trivial to do portably) whereas two others are no
On Mon, Apr 26, 2021 at 09:17 Mark Thomas wrote:
> In reviewing references to Java EE (and J2EE) remaining in the Tomcat 10
> repo I found the following:
>
>
> JAASRealm is prototype for Tomcat of the JAAS-based J2EE authentication
> framework for J2EE v1.4, based on the href="https://www.jcp.o
In reviewing references to Java EE (and J2EE) remaining in the Tomcat 10
repo I found the following:
JAASRealm is prototype for Tomcat of the JAAS-based J2EE authentication
framework for J2EE v1.4, based on the href="https://www.jcp.org/en/jsr/detail?id=196";>JCP Specification
Request 196 to e
10 matches
Mail list logo
