Hi Andriy
Just something I'd like to clarify re CXF OAuth1 module. I was a mentor
for the original GSOC project and spent quite a bit of time with it
afterwards too.
After spending even more time with OAuth2 I see OAuth2
being actually simpler for a classical case originally covered by OAuth1
- one less roundtrip. It is more secure and this work is ongoing. OAuth2
got a lot of bad press after an exit of the OAuth1 author but a lot of
that was originating from the users who either did not quite understand
OAuth2 or were looking at the buggy implementations of Implicit Flow, etc.
These days OAuth2 is huge. But if you drill down into it and try to
address a classical case it is simpler. And OAuth2 (with OIDC) will let
one scale to covering much more sophisticated cases. I'm definitely
not planning to put more effort into CXF OAuth1 - and new users should
be discouraged from trying it because they will not go far with it.
I did this talk a few years back:
http://events.linuxfoundation.org/sites/events/files/slides/ApacheEuCxfOauthHawk.pdf
But as far as this module is concerned it has got a fair bit of
attention a couple of years back. The last change I did there was 2
years back. But I can accept someone is still using CXF OAuth1 client
code against some OAuth1 server and more likely - protects CXF Server
with CXF OAuth1 filter against some 3rd party OAuth1 client.
Cheers, Sergey
On 02/09/16 17:31, Sergey Beryozkin wrote:
Hi Andriy
Yeah, I just wanted to show I'm ready to depart with some of RS modules
too :-). You are right though, likely some existing integrations are
still around.
Sergey
On 02/09/16 17:27, Andrey Redko wrote:
Hey Sergey,
Great undertaking I think! From my side, I would put -1 to oauth module.
You are right, technically it is old spec but it is still used widely
(mostly because it is much simpler to integrate compared to OAuth2, for
example).
Thanks.
Best Regards,
Andriy Redko
On Fri, Sep 2, 2016 at 12:07 PM, Sergey Beryozkin <[email protected]>
wrote:
Hi
CXF module base continues to grow - a lot of modules are available, with
some of these modules being obsolete and never used.
I'd like to propose to drop some of these modules in 3.2.0-SNAPSHOT to
make the builds faster, the workspaces smaller and new users less
overwhelmed :-). Once we agree on the final list I can remove them but as
soon as we have at least a single user requesting the module back we'll
put it back in 3.2.1. But in the meantime we should give this clean-up a
try :-).
The proposed list is below. Dan, others, please add -1 under any item you
feel is worth keeping (but note we will put any removed module back in
3.2.1 or later whenever it is needed again):
1. rt/management-web
I was the one who added it, it was based on a GSOC project and I do think
it is a unique project (users can see logging events in Atom readers), Aki
did some good work around it a couple of years back, but I haven't seen
any user actually asking questions or trying to use it.
Thus it should go. I'll be the 1st one who will put it back if someone
will want to push it further.
2. rt/rs/security/oauth-parent/oauth
This module supports OAuth1 and is also based on the GSOC project.
Removing it might be a bit sensitive as some users did use it a few years
back. But OAuth1 is technically deprecated and OAuth2 is now widely
deployed which is where we put a lot of effort into in CXF. I haven't
heard any queries about it for the last few years.
3. maven-plugin/archetypes: Maven JAXWS and JAXRS prototypes. Can they be
really useful to anyone? Maybe we can drop them and put back if needed.
4. integration/jca - I don't even remember what JCA means :-). I vaguely
recall it was some old container spec?
5. rt/bindings/object
I think I recall Dan explaining a while back it is a more advanced version
of coloc but I don't think it has ever been used by CXF users?
6. rt/databindings/jibx
I believe JIBX has not been maintained for many years now, if yes then
let's let it go
7. systests/jibx
8. rt/databindings/sdo
I know it was added on request from one of our previous employers,
which was a while back. Not sure if we need to keep it though
9. rt/databindings/xmlbeans
Not sure if it is still needed. Looks like SOAP users do JAXB,
occasionally - Aegis
10. services/wsn ?
11. rt/ws/eventing ?
12. rt/ws/mex ?
This is it for now. Please provide the feedback, we can keep this thread
open for a few weeks for sure
Thanks, Sergey
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/