tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Arjan Tijms <>
Subject Re: Consider support for the Servlet profile of JSR 196 (JASPIC) in Tomcat 7.0.x
Date Wed, 14 Aug 2013 09:25:18 GMT

markt wrote
> Had you not cut all the context, it would be clear that Ron's question
> was:
>> Does the Tomcat community support the inclusion of the Servlet profile
>> of JSR 196 in the EE web Profile?
> Hence my response. I don't think the Tomcat developers are in a position
> to pass judgement on what should or should not be in the web profile as
> we have little to no visibility into what users want from the web profile.

I see, thanks for the clarification, it's clear to me now.

markt wrote
> The only folks talking about JSR 196 have been either EG members like
> Ron or David, or Tomcat committers mentioning that JSR 196 support was
> being considered or might be a possible implementation solution for
> something.
> Not a single user has asked for JSR 196 support.

Well, I'm a user asking for it ;)

Personally I know of 2 users who were busy trying to implement a kind of
bridge between JASPIC and Tomcat so that they could use their company's
in-house developed SAM with Tomcat. I don't know why they didn't approach
the Tomcat mailing list or created an issue. 

I address JASPIC on my blog, and from the traffic I can see there's some
demand for JASPIC indeed. People do search for things like "portable login
module", "universal realm Java EE", "jaspic", "jaspic api" etc. Granted,
it's not a very large amount of traffic (currently sits at ~1% of the JSF
traffic, which is a topic I also cover), but it's still there.

As opposed to WebSocket; I think WebSocket addresses a need for which there
wasn't a real solution yet. It's a new feature that got a lot of attention.
JASPIC doesn't really add any new feature, it just standardizes existing
things. People are obviously already building authentication modules, but
seem to have grudgingly accepted that those things are just container

For some reason JASPIC hasn't been given that much attention. From a user's
point it was almost silently added to the spec. Even the well known Java EE
tutorial from Oracle doesn't mention it. On StackOverflow I mentioned the
existence of JASPIC a couple of times in relevant questions, and even very
experienced Java programmers (judging by their SO rep) were genuinely
surprised that this existed and seemed to be very enthusiastic  about the
idea of portable authentication modules. A recent example:

markt wrote
> No-one said it would be difficult. TomEE has already done it. We'd just
> need to lift the code. Difficulty really doesn't come into it. If there
> is a demand for it, it will get implemented. If there isn't, it won't.

Thanks, that's clear!

Btw, didn't you mean Geronimo there, or really TomEE? Last time I checked
TomEE didn't have JASPIC implemented yet, but Geronimo of course has.

markt wrote
> At the moment the main driver for this, in my view, is to provide an API
> for folks that want to do things like this:

Yes, I see. That's a very good example.

Thanks a lot for your detailed response.

Kind regards,
Arjan Tijms

View this message in context:
Sent from the Tomcat - Dev mailing list archive at

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message