On 14 Nov 2001, Eric Rescorla wrote: > Well, I suppose that since JDK 1.1.x didn't stop you from putting > classes in java. I could do my own version of > java.security.cert.X509Certificate. A little gross but perhaps > the best plan. The alternative is to blatantly violate the spec > in 1.1 and just deliver something else.
I would say - don't worry about JDK1.1. Support for JDK1.1 is important for embeded devices ( but even there, GCJ does have X509Certificate - it already supports a large subset of JDK1.2, and that's included ). > > > > You have to use request.getAttribute() in the JSPs/servlets. > > > Right, but that doesn't mean that we have to expose the SSLSupport > > > interface. Instead we could break out each individual property > > > we cared about into it's own attribute. > > > > To be consistant with 2.3 containers, I'd go with individually named > > attributes. > Fine with me. Anyone object to this? Individual attributes are good, but if possible with lazy evaluation. The getInfo() callback in BaseInterceptor is supposed to do exactly that - allow you to lazy-evaluate expensive request fields, so only servlets that ask for the information will pay for it. Costin -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
