-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 All,
One of the major architectural changes I've heard about coming in Tomcat 7 is the removal of the Valve interface in favor of using the standard javax.servlet.Filter interface. IIRC, the current implementation of container-managed authentication and authorization is done using a Valve (or series of Valves). If Tomcat is moving to Filters rather than Valves, does that mean that Tomcat authentication will be done using Filters, or is there some other strategy in the works? I ask because a Filter-based authentication and authorization strategy would duplicate the work of securityfilter (and probably be more up-to-date, but that's beside the point). I would actually prefer that Tomcat go with a Filter-based authentication strategy because of the flexibility which can be achieved by intercepting the call chain without having to dive into the internals of Tomcat. What's the plan for T7-auth? Thanks, - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkuydZAACgkQ9CaO5/Lv0PArvgCgnoUpBYS4i3HuCTSTrqiOLLkQ RMoAnj96FWY4EzzVNQxeTVhqsuvUinz6 =sB2s -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org