tomcat-dev mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Tomcat 7, Valve -> Filter conversion, and container-managed authentication/authorization
Date Wed, 28 Apr 2010 17:49:35 GMT

All,

Hello, I'm Chris Schultz, the maintainer of the securityfilter project
(http://securityfilter.sourceforge.net/) and an active member of the
tomcat-user mailing list.

I've been loosely following the plans for Tomcat 7 and was interested to
see that there's an effort to convert existing Tomcat Valve components
into Filters, I suppose to make them more flexible and also to increase
portability.

For those unfamiliar with the project, securityfilter is a filter-based
implementation of authentication and authorization that aims to comply
with the Java Servlet Specification while offering features above and
beyond it. Most of our users have abandoned container-managed auth
provided by containers such as Tomcat because of missing features (not
specified by the servlet spec) such as "barge-in" logins, customized
after-login pages, and customizability that doesn't tie the web
application to any specific container.

I inherited the existing securityfilter code base from Max Cooper and
I've been trying to improve the compliance with the servlet spec and to
ensure support for the more recent versions of the spec (sf is mostly
2.3 compliant, but we're trying to fill in all the holes). After adding
a few features to the 2.x code base, I'm considering a full re-write of
the code for a 3.x version that is more flexible than the current
implementation.

I was thinking that, as Tomcat contemplates a conversion of
container-managed auth from a Valve to a Filter, securityfilter could
possibly factor into that conversion. I'd be happy to convert sf into an
Apache commons/incubator project and have Tomcat use it for
authentication and authorization.

Mark Thomas has indicated his interest in discussing this possibility on
the development list, so I'm presenting it to the group. I'd be happy to
give more details about my current plans for sf, etc. but I figured that
if there was significant interest in the Tomcat/ASF communities, we
could discuss what feature set ought to be available.

Please let me know if the community is interested in "adopting"
securityfilter and, ultimately, using it in Tomcat.

Thanks,
-chris