incubator-jspwiki-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Janne Jalkanen <>
Subject Re: Thoughts on authentication changes for JSPWiki 3.0
Date Wed, 30 Jan 2008 20:00:21 GMT
> Of course, the current strategy causes problems because it means  
> sometimes we need to wire up certain containers in special ways  
> (e.g., JBoss). And it's sometimes a deployment hassle. From the  
> deployer standpoint, it's probably not very obvious what the  
> jspwiki.jaas config file we use does.

Yes, totally agree.  Getting the JAAS configuration right is a pain.

> 2) Get rid of significant chunks of the JAAS login scheme we use,  
> and do something a little simpler. I'm thinking, in particular, of  
> putting in a very lightweight servlet filter that wraps the  
> incoming HttpServletRequest. It would delegate to WikiSession for  
> getUserPrincipal() and

The fact that this is how most Stripes users are doing their auth  
didn't influence your decision in any way? ;-)

> I don't see too many downsides to this, frankly. Really, this is  
> more about the "plumbing" than stuff that would be visible to  
> users, deployers or developers not named Andrew.
> Thoughts? There's nothing that says we need to wait until 3.0. If  
> everyone likes this idea, we could do it in 2.8.

I think this sounds pretty good.  I've never been much of a fan of  
JAAS, since it adds all sorts of weirdosities - I have to admit that  
all those Callbacks sound very strange to me, when you're used to  
simplicity of Beans.


View raw message