arjan tijms [
https://community.jboss.org/people/atijms] commented on the document
"JBoss AS7: Enabling JASPI Authentication for Web Applications"
To view all comments on this document, visit:
https://community.jboss.org/docs/DOC-17782#comment-10019
--------------------------------------------------
Anil Saldhana wrote:
> Unless we see widespread adoption of JSR 196 usage, we will not make it the
default.
Ok, thanks for explaining that. Adoption surely seems to be an issue, but does that really
matter if JBoss uses this API for "internal" purposes? The current JASPI auth
modules that ship with JBoss seem to be using JBoss/Tomcat APIs for their implementation,
and thus can't be used with any other AS anyway.
So one thing I'm still wondering about is what the intended use case is for modules
like "org.jboss.as.web.security.jaspi.modules.HTTPBasicServerAuthModule".
Those are not the default (and as you just explained, will probably not become default
anytime soon), but the user can activate them. Since the same functionality is also
provided by the traditional modules, why would a user want to use
"org.jboss.as.web.security.jaspi.modules.HTTPBasicServerAuthModule"?
--------------------------------------------------