On Tue, Mar 18, 2008 at 12:44:33AM -0600, Andrew Jaquith wrote: > Hey Alex -- you asked a fine question. We do indeed use JAAS > LoginModules to access container credentials. Those will still be used > in 2.8.. What changes is the need to rely on JVM-wide JAAS > *configuration* -- specifically the need to obtain a LoginContext from > the JVM-wide config. > > The new strategy keeps the stuff that works (the LoginModule classes) > and kills the stuff that is annoying (the need for a JAAS config file > aka jspwiki.jaas.. sounds great, does this also mean it will be easier to have ldap based user and group module > > On Mar 17, 2008, at 23:55, Alex Samad <[EMAIL PROTECTED]> wrote: > >> Hi >> >> On Mon, Mar 17, 2008 at 11:08:36PM -0600, Andrew Jaquith wrote: >>> All -- >>> >>> I went ahead and did something I've been meaning to do for a while: >>> eliminate the dependency on JAAS configuration from JSPWiki. The idea >>> was to get rid of the tweaks and hacks we use to configure the login >>> process, and eliminate a bunch of configuration hassles. >>> >>> It's all ready to go: code, unit tests, javadoc and jspwiki comments. >>> All I need is a 2.8 branch to put it in. >>> >>> Some more information about the refactoring: >>> >>> The technique I've employed does three things: it refactors >>> AuthenticationManager, adds some responsibilities to >>> WikiServletFilter, >>> and moves configuration of the login process to jspwiki.properties. >>> Best >>> of all: the API changes are fairly small, and we re-use the existing >>> LoginModules. >>> >>> The upsides to the new approach are many: >>> - Elimination of the need to configure JAAS at runtime >>> - Maintains backwards compatibility with any existing third-party >>> LoginModules that may have been developed for JSPWiki >>> - Adds the ability to use MORE LoginModules with JSPWiki (because we >>> move responsibility for adding/deleting JSPWiki Roles out of the >>> LoginModules, and into AuthenticationManager) >>> - Removes the last barrier for "drop-in" deployments on ALL >>> containers >>> (no need to worry about JAAS configuration) >>> >>> There are very few downsides, other than the fact that WikiContext >>> loses >>> a few methods that were only used by one or two callers, and were >>> only >>> public because of package boundaries. >> going to show how much I don't know, but wasn't JAAS the method used >> to >> access container authentication? >> >>> >>> Andrew >>> >> >> -- >> "Joe, I don't do nuance." >> >> - George W. Bush >> 02/15/2004 >> to Sen. Joseph Biden, as quoted in Time >
--
"If you're sick and tired of the politics of cynicism and polls and principles,
come and join this campaign."
- George W. Bush
02/16/2000
Hilton Head, S.C.
signature.asc
Description: Digital signature
