[jetty-discuss] Jetty-7 jaspi update

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

I reviewed the state of the jaspi integration in the jetty7-jaspi  
branch and updated it a bit, while integrating these changes into  
geronimo (sandbox).  The geronimo integration is now using the  
ServerAuthentication interface I proposed and everything seems to be  
working ok.

I made some changes...

1. AuthenticationManager is still less that satisfactory.  I updated  
it so that its parameterized with T and has a method T  
getServerAuthentication().  This lets us replace the silly

((AbstractAuthenticationManager)authManager).validateRequest(...) call  
with authManager.getServerAuthentication().validateRequest(...).  This  
is not too bad but...

2. I reimplemented the JaspiAuthenticationManager to use the somewhat  
convoluted spec method of getting a ServerAuthContext.  This requires  
a whole different set of parameters than the  
DefaultAuthenticationManager.... actually mostly the ContextRoot for  
the web app.  I think that perhaps subclassing  
DefaultAuthenticationManager is better, I'll think about this some  
more.  Anyway there isn't any way that I know of right now to use  
jaspi....

3. deprecated the sample auth modules that implement the built in auth  
methods.  No one should use these except as examples.  I also think  
the CredentialValidationCallback is not useful....  
PasswordValidationCallback is required by the spec and I hope anyone  
implementing a jetty specific auth method will use the  
ServerAuthentication interface rather than the jaspi stuff.  If they  
want jaspi for portability they need to use the PVC from the spec.  I  
think we should move these back to being spec auth modules and maybe  
put them in some kind of samples subproject.

yet to do:

I think it might be a good idea to have an easy way to deploy a single  
ServerAuthModule without a whole jaspi implementation.
I think we can simplify the AuthenticationManager implementations a  
bit more, and deployment isn't completely implemented yet.
I doubt I'll have time to test the jaspi impl against a complete jaspi  
impl (from geronimo components).

Hopefully this is coherent enough to be of some value :-)
thanks
david jencks