On Sun, Jul 28, 2013 at 2:19 PM, Glen Mazza <[email protected]> wrote:
> Hi Team, our web.xml has a commented-out section on how to do CMA with > Roller: > http://svn.apache.org/viewvc/**roller/trunk/app/src/main/** > webapp/WEB-INF/web.xml?**revision=1505201&view=markup#**l485<http://svn.apache.org/viewvc/roller/trunk/app/src/main/webapp/WEB-INF/web.xml?revision=1505201&view=markup#l485> > > I don't understand how this could work with Roller, because AFAICT Roller > still needs to store user accounts and passwords for the blogs, also each > user has write access to certain blogs (either his own or via invitation) > -- this is all stored in Roller database tables that would presumably need > to get filled, CMA or not. > > What does CMA buy a Roller admin or user? Is this purely for SSL usage > with basic authentication, where the user needs to type in a username and > password to get to Roller (and then log in again to Roller)? Stated > another way, what information no longer needs to get stored into Roller's > database tables as a result of using CMA? > CMA allows a Roller admin to use authentication mechanisms provided by the application server on which Roller is running (in the standard Java EE way) instead of the authentication mechanisms provided by Spring Security. This was important once when Sun wanted Roller to use the authentication mechanisms provided by Glassfish instead of Spring. We had this working at one point and were able to eliminate Spring from Roller. At this point, I'm fine with removing the commented out XML. If somebody wants to get CMA working again, they can refer to previous versions of the code in SVN. - Dave
