Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] application authentication

Hi Arjan -

That is certainly true and something that I have always regretted about the spec.
I think we may have been better served to make only that registration method available which would have made that the only means to register a SAM.

A side project of mine has been trying to programmatically add a JASPIC SAM to an embedded Jetty server.
I eventually hit a wall that has it stalled now while I have higher priority tasks on my plate.
My intention is to eventually have a JASPIC authentication provider in our Apache Knox project (incubating still) for Hadoop.
If you have had any success with this I'd love to hear about it.

Another point about JASPIC that I don't think you touch on your blog is that it is only required in EE for the Servlet container. This has hurt adoption a bit. Glassfish does use it in the other containers as well but I don't believe any other vendor does.

Anyway, very good article - I will dig though it a bit deeper later.



On Sat, Aug 17, 2013 at 8:03 AM, Arjan Tijms <arjan.tijms@xxxxxxxxx> wrote:
larry mccay <larry.mccay@...> writes:

> There, however, is no standard way to install this module by simply
> bundling it with an application and deploying it.

There's no standardized declarative way in JASPIC, but there is a programmatic

A WebListener can call something like
"AuthConfigFactory.getFactory().registerConfigProvider(...)" to register such
module. Incidentally, the programmatic way is thus the only standardized way ;)

I'm building a kind of Acid test for JASPIC at and all test
applications bundle the SAM with the .war.

On my blog
I have described this process in some more detail.

jetty-users mailing list

Back to the top