Re: [aerogear-dev] Aerogear Security (Picketlink)? enhancements
Ahoy!
On November 7, 2013 at 1:40:32 PM, Karel Piwko (kpiwko(a)redhat.com) wrote:
I fully understand the plan of not copying PL API. My concern was
AGSEC API not
being flexible enough. Let me give you scenario:
1/ User writes app and secures methods using @Secure annotation
2/ Later on, as app evolves, there is a need to use LDAP binding without
password or auth via certificate/fingerprint/whatever
3/ Doh, app needs to be rewritten
I totally understand and open for suggestions. So feel free to add the corner cases to
AGSEC.
The issue here is that String based password is not easily extensible. Having
richer API does not impose any implementation. It can be left to user to write
the integration layer.
+1 makes sense.
--
abstractj