2016-02-09 15:04 GMT+01:00 Mark Thomas <ma...@apache.org>:

> I've been working with the JASPIC test suite Arjan recommended[1]. There
> are a few wrinkles but I've got things working well enough that I can
> test the JASPIC code I'm working on.
>
> I've reached the point where I need to hook in to the authenticators and
> this has raised some interesting questions.
>
> The samples use a ServletContextListener to register the JASPIC
> AuthConfigProvider.
>
> The problem is that ServletContextListener events fire after the
> authenticator has been configured.
>
> As I thought about this some more, I realised that there is nothing in
> the Servlet Container profile in the JASPIC spec (that I have been able
> to find) about when AuthConfigProvider registration takes place. This
> means that AuthConfigProvider registrations and de-registrations could
> take place while the web application is running.
>
> I am currently leaning towards a refactoring of AuthenticatorBase along
> the following lines:
> - implement authenticate() and have it delegate to a new protected
>   method doAuthenticate()
> - have authenticate() check (i.e. on every request) for a JASPIC config
>   and use it if present
> - cache what I can (for speed) and use a RegistrationListener to track
>   updates
>
> The refactoring does mean that any custom authenticator will not support
> JASPIC unless it is updated to override doAuthenticate() rather than
> authenticate().
>
> I'm concerned that looking for a JASPIC configuration on every request
> could slow things down. I'll test this and, if it does, I'll make JASPIC
> support something that has to be explicitly enabled for a Context.
>
> Thoughts? Comments?
>

Thanks for the report. However, the more I thought about it, the more I was
convinced JASPIC is useless [besides Arjan asking for it, there's still
nobody actually requesting it as a Tomcat feature], so I don't think it is
a good idea to introduce complexity or degrade performance to have it. I
would go with the last option: require explicit configuration on the
Context.

Rémy

>
> Mark
>
>
> [1] https://github.com/javaee-samples/javaee7-samples
>
>
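
The refactoring discussed in this thread, as an added sketch that is not code from the thread or from Tomcat: authenticate() checks a cached provider on every request, falls back to doAuthenticate(), and a change listener invalidates the cache when a provider is registered or removed at runtime. `ProviderRegistry`, the `Predicate<String>` provider and the string credentials are hypothetical stand-ins for the JASPIC factory, AuthConfigProvider and request objects.

```java
import java.util.concurrent.CopyOnWriteArrayList;
import java.util.function.Predicate;

public class JaspicDelegationSketch {
    // Hypothetical stand-in for the JASPIC provider registry: one optional
    // provider, plus listeners that are told when the registration changes.
    static class ProviderRegistry {
        private volatile Predicate<String> provider; // null = none registered
        private final CopyOnWriteArrayList<Runnable> listeners = new CopyOnWriteArrayList<>();
        Predicate<String> lookup(Runnable l) { listeners.addIfAbsent(l); return provider; }
        void register(Predicate<String> p) { provider = p; listeners.forEach(Runnable::run); }
    }

    abstract static class AuthenticatorBase {
        private static final Predicate<String> NONE = c -> false; // looked up, nothing found
        private final ProviderRegistry registry;
        private final Runnable onChange = this::invalidate; // one instance, so addIfAbsent dedupes
        private volatile Predicate<String> cached; // null = stale, look up again

        AuthenticatorBase(ProviderRegistry registry) { this.registry = registry; }

        // Runs on every request. A subclass that overrides this method instead
        // of doAuthenticate() skips the provider check entirely.
        boolean authenticate(String credentials) {
            Predicate<String> p = cached; // fast path: one volatile read
            if (p == null) p = refresh();
            return (p == NONE) ? doAuthenticate(credentials) : p.test(credentials);
        }
        // refresh() and invalidate() share a lock, so a registration that races
        // with a lookup always clears the cache after the stale value is stored.
        private synchronized Predicate<String> refresh() {
            Predicate<String> found = registry.lookup(onChange);
            return cached = (found == null) ? NONE : found;
        }
        private synchronized void invalidate() { cached = null; }
        protected abstract boolean doAuthenticate(String credentials);
    }

    public static void main(String[] args) {
        ProviderRegistry registry = new ProviderRegistry();
        AuthenticatorBase auth = new AuthenticatorBase(registry) {
            @Override protected boolean doAuthenticate(String c) { return c.equals("built-in"); }
        };
        System.out.println(auth.authenticate("built-in")); // no provider: built-in logic decides
        registry.register(c -> c.equals("jaspic"));        // registered while "running"
        System.out.println(auth.authenticate("built-in")); // provider now decides
        System.out.println(auth.authenticate("jaspic"));
        registry.register(null);                           // de-registered again
        System.out.println(auth.authenticate("built-in")); // back to built-in logic
    }
}
```

With the cache warm, the per-request cost of the check is a single volatile read, which is the overhead the performance concern in the thread is about.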
