All --
I went ahead and did something I've been meaning to do for a while:
eliminate the dependency on JAAS configuration from JSPWiki. The idea
was to get rid of the tweaks and hacks we use to configure the login
process, and eliminate a bunch of configuration hassles.
It's all ready to go: code, unit tests, javadoc and jspwiki comments.
All I need is a 2.8 branch to put it in.
Some more information about the refactoring:
The technique I've employed does three things: it refactors
AuthenticationManager, adds some responsibilities to
WikiServletFilter, and moves configuration of the login process to
jspwiki.properties. Best of all: the API changes are fairly small, and
we re-use the existing LoginModules.
The upsides to the new approach are many:
- Elimination of the need to configure JAAS at runtime
- Maintains backwards compatibility with any existing third-party
LoginModules that may have been developed for JSPWiki
- Adds the ability to use MORE LoginModules with JSPWiki (because we
move responsibility for adding/deleting JSPWiki Roles out of the
LoginModules, and into AuthenticationManager)
- Removes the last barrier for "drop-in" deployments on ALL containers
(no need to worry about JAAS configuration)
There are very few downsides, other than the fact that WikiContext
loses a few methods that were only used by one or two callers, and
were only public because of package boundaries.
Andrew
