On Wed, Apr 4, 2018 at 10:08 AM, Nick Couchman <vn...@apache.org> wrote:

> ...
> >
> > Good question. The LDAP changes are definitely in scope, and it was my
> > original intent to try to tackle those. Assuming these changes are
> > part of 1.0.0, I can understand limiting the scope to just the
> > database and extension API in the interest of getting the release out.
> > If the group support is part of 1.0.0, I suppose we'll have to see how
> > we feel about release timing vs. including LDAP group support once the
> > database+API portion is complete.
> >
>
> I think it would be preferable to include those changes to the LDAP module
> in 1.0.0, just wasn't sure what the thought was for timing, level of
> effort, etc.  Obviously we don't have any particular pressure to release
> 1.0.0 by a certain date, so I don't want to unnecessarily create that
> pressure.  I think there will probably be more frustration if we release
> 1.0.0 with support for groups only in the JDBC/API portion and don't do
> LDAP, then there will to wait on the 1.0.0 release a little longer to allow
> for the LDAP changes.  But, it's worth discussion - anyone else have any
> thoughts on that?
>
>
Looking closer at LDAP's current handling of groups, I think the necessary
changes may actually be pretty minimal. I'm in favor of including this in
scope.

I'll be opening up the first of several PRs shortly with the base API
changes. The overall set of changes so far is around 8K lines, but I think
it should be reviewable if broken into logical pieces.

I've also encountered a couple of separate issues which needed to be
addressed for the sake of groups, and for which I will be opening new JIRA
issues:

* The UserContext and AuthenticationProvider interfaces continue to be
cumbersome when applying new API changes, due to the sheer number of
duplicate stub functions that need to be added to all extensions. I've
created a AbstractUserContext and AbstractAuthenticationProvider to deal
with this.

* The extension system currently properly isolates extensions from each
other, but does not fully isolate extensions from the webapp. While
extensions *should* inherit classes from the webapp, any classes included
with the extension should take priority. I have ClassLoader-related changes
to the extension system which address that issue.

- Mike

Reply via email to