#2 seems like the best option. Removing the ability to drop a war for integration/testing/demoing seems like a really bad idea.
On Thu, Apr 4, 2013 at 11:29 AM, Misagh Moayyed <mmoay...@unicon.net> wrote: > Team, > There is a pending pull [1] that proposes the > SimpleTestAuthenticationHandler be renamed to something that is bit more > descriptive. The motivation for the pull/JIRA is not only to communicate > the actual purpose of the handler, but hopefully in doing that, it would > be clearer that the handler should never be used in production. > > IMO, ideally, the objective might be to not even allow folks to use the > handler at all and simply keep it for internal dev and testing purposes. > > There have a been a number of suggestions on the pull that I'd like to > summarize here first and see if we can all reach an agreement on the most > appropriate option: > > 1. Rename this default handler to > MatchingUsernamePasswordAuthenticationHandler: communicates intent, but > loses sight that this is a test handler not be used > 2. Display a warning on the login page much the http/nonsecure warning > that the handler is only for testing purposes and should never be used in > production > 3. Figure out a way to do away with the handler in the final war: one > possible idea might to be force users to explicitly configure handlers and > by default, CAS would ship with no handlers at all? > > -Misagh > > [1] https://github.com/Jasig/cas/pull/215 > > -- > You are currently subscribed to cas-dev@lists.jasig.org as: > scott.battag...@gmail.com > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev > -- You are currently subscribed to cas-dev@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
