On 17 September 2016 at 00:22, arjan tijms <arjan.tijms_at_gmail.com> wrote:
> On Fri, Sep 16, 2016 at 3:58 PM, Mark Thomas <markt_at_apache.org> wrote:
>
>> While Tomcat now has a JASPIC implementation, I am still of the view
>> that it should not be mandatory for a Servlet container to implement this.
>>
>
> As far as I can see every (active) Servlet container now implements
> JASPIC, so would it not be little more than a formality now?
>

While Jetty has (does?) support JASPIC, the uptake of it as a feature has
been zero as far as we know. It is likely that our support for it has
atrophied and it would be a massive surprise if a 3rd party auth module was
to emerge and work out of the box with Jetty.

As a spec, somebody should either kill JASPIC or make it a used spec. I'm
not sure if a few words in this spec saying it is an optional feature will
help take-up, but I guess it would not hurt. Perhaps a reference auth
module would be useful that we could all integrate and thus discover
anything extra that might need to go in our spec to make interoperability
actually work?

regards

--
Greg Wilkins <gregw@webtide.com> CTO http://webtide.com