[aerogear-dev] Aerogear Security (Picketlink)? enhancements
Bruno Oliveira
bruno at abstractj.org
Thu Nov 7 12:05:22 EST 2013
Ahoy!
On November 7, 2013 at 1:40:32 PM, Karel Piwko (kpiwko at redhat.com) wrote:
> I fully understand the plan of not copying PL API. My concern was AGSEC API not
> being flexible enough. Let me give you scenario:
>
> 1/ User writes app and secures methods using @Secure annotation
> 2/ Later on, as app evolves, there is a need to use LDAP binding without
> password or auth via certificate/fingerprint/whatever
> 3/ Doh, app needs to be rewritten
I totally understand and open for suggestions. So feel free to add the corner cases to AGSEC.
>
> The issue here is that String based password is not easily extensible. Having
> richer API does not impose any implementation. It can be left to user to write
> the integration layer.
+1 makes sense.
--
abstractj
More information about the aerogear-dev
mailing list