[security-dev] PicketLink3 and Apache Deltaspike Dependencies

Anil Saldhana Anil.Saldhana at redhat.com
Fri Feb 15 12:36:09 EST 2013

   not sure on the exact mechanics. I will defer it to Shane.

Wondering about the following:
PL3 core aims to be a portable security extension of Apache Deltaspike. 
is very little direct dependence on DS. What DS brings is a core CDI 
enabled runtime.

So, why not have the following?

(PL3)  + (PL3/DS Bridge)  =>  EE Applications running on Apache DS on EE 
PL3 => CDI enabled EE Applications running on JBoss AS7+

Basically this will let PL3 get into an AS release easily since it does 
not have any dependencies
on incubating snapshots.

Now this PL/DS bridge may be a lean DS Security Extension or some minor 


On 02/15/2013 09:18 AM, Anil Saldhana wrote:
> I guess we may have to create a leaner Deltaspike security extension.
> Currently it pulls a lot of core DS classes. We may not need a lot of
> the crafty stuff
> that exists in Apache DS Security Extension, just to kick in a Security
> Interceptor.
> On 02/15/2013 09:09 AM, Pete Muir wrote:
>> I'll try to talk to Shane synchronously, as I think this is possible.
>> On 15 Feb 2013, at 14:54, Anil Saldhana wrote:
>>> I think I brought over more classes than PL core needed. But things were
>>> broken at runtime.  Shane took a look and said that we will pull more
>>> core DS classes if we bring the additional security related classes that
>>> I missed.  So we decided to revert and think of a plan B. :)
>>> On 02/15/2013 05:49 AM, Pete Muir wrote:
>>>> Does this commit cover everything, or did you need more?
>>>> https://github.com/picketlink/picketlink/commit/2a9d1894dc1e15320d227377c2dd3372651377c0
>>>> Particularly the config stuff and project stage stuff I would expect us to be able remove the need for.
>>>> On 15 Feb 2013, at 04:34, Jason Porter wrote:
>>>>> It may not be the best option, but we should probably stick with v0.3 for now.
>>>>> Sent from my iPhone
>>>>> On Feb 14, 2013, at 18:31, Anil Saldhana <asaldhan at redhat.com> wrote:
>>>>>> Nothing needed.
>>>>>> On Feb 14, 2013, at 6:47 PM, Jason Porter <lightguard.jp at gmail.com> wrote:
>>>>>>> Is there anything in v0.4 you need, or can you simply get by with v0.3
>>>>>>> Sent from my iPhone
>>>>>>> On Feb 14, 2013, at 17:29, Anil Saldhana <Anil.Saldhana at redhat.com> wrote:
>>>>>>>> Scratch this plan.  Shane and I determined that this is larger than we
>>>>>>>> originally thought -> lots of DS classes need to be forked.
>>>>>>>> On 02/13/2013 10:25 AM, Anil Saldhana wrote:
>>>>>>>>> Hi all,
>>>>>>>>> PicketLink3 is on the final stretch of release cycles.  One of the
>>>>>>>>> concerns I have had is the Apache Deltaspike dependency which is some
>>>>>>>>> type of incubating snapshot. Since there are very few Deltaspike classes
>>>>>>>>> (3-5 in number) that we depend on, the following strategy should work:
>>>>>>>>> - Copy the source files (Retaining Apache Headers) as it is from Apache
>>>>>>>>> Deltaspike to a PicketLink namespace such as : org.picketlink.deltaspike.*
>>>>>>>>> - Remove the Apache Deltaspike dependency.
>>>>>>>>> In few months, when Apache Deltaspike has proper releases, we can remove
>>>>>>>>> the PicketLink Deltaspike forked classes and bring back the Apache
>>>>>>>>> Deltaspike dependency back.  I do not think PicketLink users will
>>>>>>>>> directly code to DS classes.
>>>>>>>>> I ran this with Pete Muir, Shane and Jason Porter and they all agreed
>>>>>>>>> that this is a good strategy (I did refine the strategy based on Shane's
>>>>>>>>> comments).
>>>>>>>>> Regards,
>>>>>>>>> Anil

More information about the security-dev mailing list