Hi Pascal, Am 05.03.15 um 16:06 schrieb Pascal Mainini: > > I understand your point about the setting beeing dangerous (however I > would expect someone configuring authentication with client certificates > to be able to grasp the implications of it ;-)
Yeah, that would be ideal :) > > We see the following possibilities: > 1. (for completness) patch as-is > 2. The patch but without metatype-definitions (thus the feature could > not directly be configured over configmgr-gui, needing more > interaction from the user) > 3. Extend the code to make this injectable as a service > > What do you think? > Ok, I guess 3. is maybe really overkill, especially as we would have to introduce an API package for the Jetty implementation (which we currently do not have). 1. scares me :) , 2. sounds like a good compromise for me. What do others think? Carsten -- Carsten Ziegeler Adobe Research Switzerland cziege...@apache.org
