[aerogear-dev] Aerogear Security (Picketlink)? enhancements

Bruno Oliveira bruno at abstractj.org
Thu Nov 7 12:05:22 EST 2013


Ahoy!

On November 7, 2013 at 1:40:32 PM, Karel Piwko (kpiwko at redhat.com) wrote:
> I fully understand the plan of not copying PL API. My concern was AGSEC API not  
> being flexible enough. Let me give you scenario:  
>  
> 1/ User writes app and secures methods using @Secure annotation  
> 2/ Later on, as app evolves, there is a need to use LDAP binding without  
> password or auth via certificate/fingerprint/whatever 
> 3/ Doh, app needs to be rewritten 

I totally understand and open for suggestions. So feel free to add the corner cases to AGSEC.

>  
> The issue here is that String based password is not easily extensible. Having  
> richer API does not impose any implementation. It can be left to user to write  
> the integration layer. 

+1 makes sense.
  
-- 
abstractj



More information about the aerogear-dev mailing list