On Aug 13, 2013, at 3:24 PM, Arjan Tijms <[email protected]> wrote:
> By far the number one complaint I hear about Java EE is its security system > and how it all comes together. Obviously people are not happy with it. > Improvement has to happen somewhere and after working with JASPIC for over a > year now I'm convinced it's a very important stepping stone to a much better > and better integrated security system in Java EE. > > What's IMHO really holding JASPIC back at the moment is that only full Java > EE implementations support it, which means you just can't really speak of > truly portable auth modules. I think TomEE is one of the most important > servers at the moment, so it not supporting JASPIC leaves a big gap. > > It really would be awesome if TomEE could support it. If you need any help > with the implementation I'm more than happy to volunteer. Well, let's get you started then! :) As David J mentioned in the thread on the Tomcat list, there's some code in Geronimo for implementing this in Tomcat that he thought would be a good addition to Tomcat. We might try and get that code working in TomEE. Before that I wonder if we want to start with something simple like hacking up an Aquillian test? In terms of starting the flow of patches, we've never really had anyone take advantage of the mirrors on Github. Might be fun to experiment with that -- if we get a CLA (Contributor License Agreement) for you, we could take advantage of pull requests. Open to any other thoughts you might have on how to get the ball rolling. -David
