[jsr369-experts] JASPIC; was: RFC7239 support

From: Greg Wilkins <gregw_at_webtide.com>
Date: Sat, 17 Sep 2016 10:13:24 +1000

 On 17 September 2016 at 00:22, arjan tijms <arjan.tijms_at_gmail.com> wrote:

> On Fri, Sep 16, 2016 at 3:58 PM, Mark Thomas <markt_at_apache.org> wrote:
>> While Tomcat now has a JASPIC implementation, I am still of the view
>> that it should not be mandatory for a Servlet container to implement this.
> As far as I can see every (active) Servlet container now implements
> JASPIC, so would it not be little more than a formality now?

While Jetty has (does?) support JASPIC, the uptake of it as a feature has
been zero as far as we know. It is likely that our support for it has
atrophied and it would be a massive surprise if a 3rd party auth module was
to emerge and work out of the box with jetty.

As a spec, somebody should either kill JASPIC or make it a used spec. I'm
not sure if a few words in this spec saying it is an optional feature will
help takeup, but I guess it would not hurt. Perhaps a reference auth
module would be useful that we could all integrate and thus discover
anything extra that might need to go in our spec to make interoperability
actually work?


Greg Wilkins <gregw@webtide.com> CTO http://webtide.com