Ean Schuessler wrote: > Adrian Crum wrote: >> I don't agree that emailing forgotten passwords is like the Webtools >> application. As you have discovered, emailing forgotten passwords >> entails some decision making, looking up information in various >> entities, selecting and rendering an email body template, etc. From my >> perspective, all of those things are outside the scope of the framework. > > I agree. It is easy to imagine that some applications would not allow a > password to be reset via email. It might be that the application uses > biometrics, cryptographic signatures or who knows what. The framework > authentication stubs should accommodate a diversity of approaches. > > One major question is whether framework, on its own, should even be > runnable as an application. In my opinion, it is a library, not an app > and doesn't need to be operational on its own.
What is your definition of operational? A servlet container that is listing for requests on 8009, 8080? Ready to process rmi requests? Is framework a *pure* library, where the application that runs on top of it is responsible for starting any long-term, background services, or should framework be the application wrapper?