On 12/14/2014 8:48 AM, arjan tijms wrote:
> As for JASPIC, there are discussions going on about Servlet maybe
> adopting the Servlet Container Profile of JASPIC as its own native SPI
> (which incidentally is already a recommendation in the current Servlet
> spec).
>
This would be huge. I actually currently co-lead our security efforts
and cross-implementation integration is a real pain right now.
BTW, Arjan's blog [1] is a must read on JASPIC. It would be cool if the
EE TCKs really started to crack down on this SPI and get some really
strict tests in the TCK for it.
http://arjan-tijms.omnifaces.org/2012/11/implementing-container-authentication.html
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com