incubator-jspwiki-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Samad <>
Subject Re: Some 2.8 auth improvements
Date Tue, 18 Mar 2008 05:55:49 GMT

On Mon, Mar 17, 2008 at 11:08:36PM -0600, Andrew Jaquith wrote:
> All --
> I went ahead and did something I've been meaning to do for a while:  
> eliminate the dependency on JAAS configuration from JSPWiki. The idea   
> was to get rid of the tweaks and hacks we use to configure the login  
> process, and eliminate a bunch of configuration hassles.
> It's all ready to go: code, unit tests, javadoc and jspwiki comments.  
> All I need is a 2.8 branch to put it in.
> Some more information about the refactoring:
> The technique I've employed does three things: it refactors  
> AuthenticationManager, adds some responsibilities to WikiServletFilter, 
> and moves configuration of the login process to Best 
> of all: the API changes are fairly small, and we re-use the existing 
> LoginModules.
> The upsides to the new approach are many:
> - Elimination of the need to configure JAAS at runtime
> - Maintains backwards compatibility with any existing third-party  
> LoginModules that may have been developed for JSPWiki
> - Adds the ability to use MORE LoginModules with JSPWiki (because we  
> move responsibility for adding/deleting JSPWiki Roles out of the  
> LoginModules, and into AuthenticationManager)
> - Removes the last barrier for "drop-in" deployments on ALL containers  
> (no need to worry about JAAS configuration)
> There are very few downsides, other than the fact that WikiContext loses 
> a few methods that were only used by one or two callers, and were only 
> public because of package boundaries.
going to show how much I don't know, but wasn't JAAS the method used to
access container authentication?

> Andrew

"Joe, I don't do nuance."

	- George W. Bush
to Sen. Joseph Biden, as quoted in Time

View raw message