Of course, the current strategy causes problems because it means
sometimes we need to wire up certain containers in special ways
(e.g., JBoss). And it's sometimes a deployment hassle. From the
deployer standpoint, it's probably not very obvious what the
jspwiki.jaas config file we use does.
Yes, totally agree. Getting the JAAS configuration right is a pain.
2) Get rid of significant chunks of the JAAS login scheme we use,
and do something a little simpler. I'm thinking, in particular, of
putting in a very lightweight servlet filter that wraps the
incoming HttpServletRequest. It would delegate to WikiSession for
getUserPrincipal() and
The fact that this is how most Stripes users are doing their auth
didn't influence your decision in any way? ;-)
I don't see too many downsides to this, frankly. Really, this is
more about the "plumbing" than stuff that would be visible to
users, deployers or developers not named Andrew.
Thoughts? There's nothing that says we need to wait until 3.0. If
everyone likes this idea, we could do it in 2.8.
I think this sounds pretty good. I've never been much of a fan of
JAAS, since it adds all sorts of weirdosities - I have to admit that
all those Callbacks sound very strange to me, when you're used to
simplicity of Beans.
/Janne
