On Sun, Jun 8, 2008 at 12:16 PM, Les Hazlewood <[EMAIL PROTECTED]> wrote:
> The reason it is not in place now and hasn't been in 3 years is that
> because the vast majority of our community - application and framework
> developers - could care less about JAAS - it is a cumbersome,
> difficult to u
The vote passes with ten binding +1 votes, six non-binding +1 votes,
and no 0 or -1 votes.
Regards,
Alan
On Jun 2, 2008, at 8:05 AM, Alan D. Cabrera wrote:
Relevant information can be found in:
http://wiki.apache.org/incubator/JSecurityProposal
Regards,
Alan
In fact, JAAS was _the_ primary driving factor in what eventually
became JSecurity: I had to execute a number of security operations
for an application, and the only thing out there was JAAS. I found
myself drowning in their mish-mash of incomprehensible APIs and
obscure VM-level security constr
Just a clarification:
JSecurity can be used in any environment - web or not, container or
not. The reason why the Filter approach is best known is that it is
the easiest to set up - Filters allow an 'interceptor' mechanism that
is common to any web container. When not using a Filter, you must us
Full JAAS integration is desired for the 1.0 final release to support
those who actually implement containers. JSecurity is usable in all
containers today, both web and non-web today, just not via JAAS yet.
The reason it is not in place now and hasn't been in 3 years is that
because the vast majo
Frank W. Zammetti wrote:
> Noel J. Bergman wrote:
> > I also see that JSecurity web support relies on a return to
> > application-level security based on a filter, rather than rely on
container
> > management, which has evolved as a cornerstone of Java programming.
> > The reliance on a filter is
Noel J. Bergman wrote:
I also see that JSecurity web support relies on a return to
application-level security based on a filter, rather than rely on container
management, which has evolved as a cornerstone of Java programming. The
reliance on a filter is probably because JSecurity is not (yet?)
How does JSecurity relate to existing standards, e.g., JAAS, JACC,
WS-Security, etc.?
The only reference I found is a comment in the slide show saying "Simplify
or replace JAAS." Well JAAS is the Java standard in this space, and part of
the Java core, so are we proposing a replacement or suppleme
