DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=38658>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38658 ------- Additional Comments From [EMAIL PROTECTED] 2006-04-14 16:31 ------- I can offer several reasons why it may be more beneficial to use the server-native API: a) The user can retain currently configured authentication modules and configs without and changes and testing (to configs, or adding/converting (at the class/compile level) existing modules to JAAS). The simple form-based password login is a good example. With JAAS a server config change is required for existing users (many of whom are laymen with working production system). Conversely, the proposed server API works transparently with existing configs (except for a single config that allows accessing server API/classloaders). b) Lightweight - suitable for micro deployments where memory is limited. c) Other servers also provide simple to use API level support for registering a user with a session, even at the expense of inherently not being portable - which is not an issue for many applications e) Vendor; JAAS requires an additional API extention (learn, compile, test) and vendors must train users to learn and re-config for JAAS. This RFE (combined with sample code above) makes implicit user/session registration (by API call) simpler both for vendors* and simple script writers. *(Many vendors already have plugins that interface to server specific APIs for this purpose so the RFE places a smaller burden on vendor and user) So, JAAS is powerful / more ideal in some cases, but may be too complex for simple-to-use & lightweight deployments. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
