On 5/17/07, Matt Raible <[EMAIL PROTECTED]> wrote:
The problem with ditching Acegi is we have to add back in our own custom Remember Me and SSL Switching logic. Also, you'd have to document how to create a JDBC Realm for each application server. Why do you like CMA better than Acegi? Because IBM is using it?
You laugh ;-) but the fact that IBM is doing does tell us something. Here's why I like CMA better: 1) CMA can be configured without editing files inside the WAR. 2) CMA allows us to take advantage of the nice authentication stuff that is now built into app servers, e.g. In my builds, I may be required to take advantage of the OpenSSO/OpenID stuff that is being built into Glassfish (via standard CMA). 3) One less jar on the classpath ;-) Yes, we'll have to implement our own remember me and SSL switching, but IMHO that's easier than the ugliness of security.xml. But again, I'm not proposing removing Acegi at this point. I'm going to propose an installer and I hope to do so without introducing or removing any Roller dependencies. - Dave
