Anil Saldhana wrote:
Unless we see widespread adoption of JSR 196 usage, we will not make it the default.
Ok, thanks for explaining that. Adoption surely seems to be an issue, but does that really matter if JBoss uses this API for "internal" purposes? The current JASPI auth modules that ship with JBoss seem to be using JBoss/Tomcat APIs for their implementation, and thus can't be used with any other AS anyway.
So one thing I'm still wondering about is what the intended use case is for modules like "org.jboss.as.web.security.jaspi.modules.HTTPBasicServerAuthModule".
Those are not the default (and as you just explained, will probably not become default anytime soon), but the user can activate them. Since the same functionality is also provided by the traditional modules, why would a user want to use "org.jboss.as.web.security.jaspi.modules.HTTPBasicServerAuthModule"?