users@servlet-spec.java.net

[servlet-spec users] Re: Standardizing authentication modules in Servlet (via JASPIC)?

From: Mark Thomas <markt_at_apache.org>
Date: Mon, 03 Nov 2014 09:42:41 +0000

On 01/11/2014 21:00, arjan tijms wrote:
> Hi,
>
> On Sat, Nov 1, 2014 at 11:14 AM, Mark Thomas <markt_at_apache.org> wrote:
>> Supporting it as in Tomcat shipping with JASPIC support? Yes, with
>> caveats. Those caveats are:
>>
>> - There needs to be an implementation on the table. We don't have that
>> yet.
>
> I can certainly look into that. I had already promised this earlier
> and I'm still definitely committed to it, especially now the basic
> test suite is done (see
> https://github.com/javaee-samples/javaee7-samples/tree/master/jaspic).
>
>> - The impact any such implementation has on Tomcat internals.
>
> I'd really like to aim for an implementation that has a low impact.
> I've been studying some existing JASPIC implementations, and the
> amount of impact seems to vary. GlassFish's one seems to be relatively
> high impact, but some others are more middle of the road.
>
> I was particularly impressed by the looks of the implementation that
> Muller Marian from Serli did for JOnAS. If I'm reading the code
> correctly it seems there's only an absolute minimum of Servlet
> Container specific code required (see
> http://websvn.ow2.org/listing.php?repname=jonas&path=%2Fsandbox%2Fmullerm%2Fjaspic%2Fjonas%2Fmodules%2Fservices%2Fjonas-jaspic%2F)
>
> David mentioned before that the Geronimo implementation should be
> relatively straightforward to port to Tomcat, so I think I would look
> at that one first.

Makes sense.

>> There is also the ongoing issue of the ASF having access to the JavaEE
>> TCKs under terms that would enable us to continue to release software
>> tested with the TCKs under the ALv2. I'd like to be able to test any
>> JASPIC implementation with the TCK before release and that doesn't look
>> like it is going to be an option any time soon.
>
> I can understand that this is an issue indeed, but wouldn't that also
> be true for the Servlet 4.0 TCK then?

Yes and no.

The Tomcat source gets used in a number of other J2EE containers that
are tested with the various TCKs. Some of those container vendors report
Tomcat bugs that trigger TCK failures. It is far from ideal and I have
no idea if an actual Tomcat release would pass the TCK but - based on
experience from when we did have access to the TCKs - I know we'd be
pretty close.

I'm not aware of any vendors that would be likely to do something
similar for JASPIC.

> Of course compliant implementations would need to be tested with the
> TCK, that's a given. But in case of JASPIC I'm afraid it wouldn't win
> you much practically speaking. I'm really not sure what the JASPIC TCK
> exactly tests, but it just can't be much.

Since I haven't seen any version of the JASPIC TCK I am unable to comment.

Mark

> Anyway, thanks a lot for your answers Mark. Really appreciate it!
>
> Kind regards,
> Arjan Tijms
>
>
>>
>> Mark
>>