I'm considering
using Acegi for a project, but I'd like to find out a bit more. Can you give me
an idea of how Acegi fits into the J2EE picture with regard to JAAS? The client
requires J2EE "compliance" for all new applications. That doesn't mean we have
to use J2EE APIs for everything, it just means we have to have a coherent
story where we deviate. My (brief) impression of JAAS is that it's got some
problems, and is not all that well understood or utilized in the developer
community.
For example, I'm
working with JRun at the moment. They make a pass at using JAAS, but they use
their own framework for the authorization piece. No explanation as to why. There
are other reasons why we don't want to use it, but one of them is that we would
like to stay within the J2EE API if possible and advisable. So my question to
you is, in creating Acegi, did you consider how it fits in with JAAS, where it
deviates and why. Thanks!
