On 21/03/2010 14:36, Rajeev Sampath wrote: > Hello, > > I'm interested in the project idea on implementing JSR 196 specification for > Tomcat. I've used Tomcat for some time, but as I'm not very much familiar > with its internals or JSR 196 spec, I'm in the process of getting > familiarized with them at the moment. > > While searching the dev mailing list archive regarding this idea, I found a > several months old mail thread [1] regarding a Jaspic implementation started > by David Jencks. Basically it says about rewriting web security with Realms > replaced with a Security valve, and a reply [2] in that thread says that JSR > 196 implementation was not among the mandatory stuff at that time. I also > saw that there was an effort to replace Valves with Filters as a GSoC > project last year, which interferes the above idea of replacing Realm with a > valve (this might not be a serious problem anyway). > > Since above is a relatively old discussion, I'd really appreciate if someone > can clarify the current situation and also any viewpoints/comments regarding > this GSoC idea.
JSR 196 is still not mandatory but would be nice to have - hence why I sugegsted it as a GSoC project. Replacing Valves with Filters is a long term goal of mine. However, since Valves have access to the Tomcat internals, replacing all of the Valves may not be possible. To be perfectly honest, I haven't looked closely enough at the code or thought about it long enough to determine if complete replacement is possible or not. In terms of JSR 196, I'd prefer a Filter based solution but Valves would always be a fall-back solution if a 100% filter based approach wasn't possible / practical. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
