2016-02-09 15:26 GMT+01:00 Mark Thomas <[email protected]>: > On 09/02/2016 14:18, Rémy Maucherat wrote: > > 2016-02-09 15:04 GMT+01:00 Mark Thomas <[email protected]>: > > <snip/> > > >> Thoughts? Comments? > >> > > > > Thanks for the report. However, the more I thought about it, the more I > was > > convinced JASPIC is useless [besides Arjan asking for it, there's still > > nobody actually requesting it as a Tomcat feature], so I don't think it > is > > a good idea to introduce complexity or degrade performance to have it. I > > would go with the last option: require explicit configuration on the > > Context. > > Thanks for the feedback. I share you concerns regarding performance. > > In terms of demand, no-one is asking for it directly but it does provide > a way to add SAML support (BZ 54503) and I suspect there is demand for > OAuth as well. > > Ok that sound good. In that case since it is relatively specific and not trivial to setup, so an extra configuration in Tomcat to enable JASPIC shouldn't be a major issue.
Rémy
