OK, cool, any out-of-date conversation pieces we can remove, great.
Question, though, when I go to Oracle blogs (https://blogs.oracle.com/)
and click on the login button, I'm taken to a single sign on page:
https://login.oracle.com/mysso/signon.jsp. Is CMA required for this SSO
functionality or would that be handled by our OAuth support
(http://svn.apache.org/viewvc/roller/trunk/app/pom.xml?revision=1507823&view=markup#l169)
instead?
Thanks,
Glen
On 07/29/2013 01:52 AM, Dave wrote:
On Sun, Jul 28, 2013 at 2:19 PM, Glen Mazza <[email protected]> wrote:
Hi Team, our web.xml has a commented-out section on how to do CMA with
Roller:
http://svn.apache.org/viewvc/**roller/trunk/app/src/main/**
webapp/WEB-INF/web.xml?**revision=1505201&view=markup#**l485<http://svn.apache.org/viewvc/roller/trunk/app/src/main/webapp/WEB-INF/web.xml?revision=1505201&view=markup#l485>
I don't understand how this could work with Roller, because AFAICT Roller
still needs to store user accounts and passwords for the blogs, also each
user has write access to certain blogs (either his own or via invitation)
-- this is all stored in Roller database tables that would presumably need
to get filled, CMA or not.
What does CMA buy a Roller admin or user? Is this purely for SSL usage
with basic authentication, where the user needs to type in a username and
password to get to Roller (and then log in again to Roller)? Stated
another way, what information no longer needs to get stored into Roller's
database tables as a result of using CMA?
CMA allows a Roller admin to use authentication mechanisms provided by the
application server on which Roller is running (in the standard Java EE way)
instead of the authentication mechanisms provided by Spring Security. This
was important once when Sun wanted Roller to use the authentication
mechanisms provided by Glassfish instead of Spring. We had this working at
one point and were able to eliminate Spring from Roller.
At this point, I'm fine with removing the commented out XML. If somebody
wants to get CMA working again, they can refer to previous versions of the
code in SVN.
- Dave
