Brian Stansberry wrote:
At 10:03 PM 12/8/2003 -0800, you wrote:All you have to do to comply with jsr115 is to extends RealmBase and override:
The decision on whether to change the Realm interface, or
move the header processing to AuthenticatorBase is still open.
So soon after such a major release it seems foolhardy to bring this up, but Phillipe's post seems to have opened a can of worms....
Are there any plans to do anything about JSR-115? As it's part of the J2EE 1.4 spec, I would think that for a compliant appserver to embed Tomcat (any others besides JBoss??), Tomcat would need to comply. I bring this up because if there is consideration of API changes to deal w/ the Servlet 2.4 authorization handling, it might be a good time to look into it. I'd be happy to help in such an effort if there is any interest.
- hasUserDataPermission - hasRole - hasResourcePermission - findSecurityConstraint
A couple of months ago (search the tomcat-dev list) we have discussed the possibility of implementing jsr115 directly into Tomcat. Still on my plate (don't know when)....
J2EE 1.4 RI contains Tomcat 5 "powered by" jsr 115. The problem with jsr115 is you have to run under a Security Manager, and this is for sure slower than the current "native" implementation.
I think you'll have an opportunity to make your changes if you want to, since we'll have some refactoring to do on the realm before the next stable 5.0.x release occurs.
Did you do benches ? Comparing (4.1.x) vs (5.0.x) vs (5.0.x + sec manager), for example.
I wouldn't be surprised if the last one benches as well as the first one (which would be really cool).
Rémy
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
