[SECOAUTH-80] Separate out Servlet API concerns from OAuth protocols #111
Description
Priority: Major
Original Assignee: Ryan Heaton
Reporter: Dave Syer
Created At: Wed, 27 Jul 2011 14:09:30 +0100
Last Updated on Jira: Tue, 6 Sep 2011 17:24:39 +0100
Separate out Servlet API concerns from OAuth protocols is a useful design goal. Spring Security itself has moved in this direction over the years and it has proved very productive. Spring Social already has a platform agnostic set of APIs for the consumer side, so it would make sense leverage that work in some way.
Comments:
rheaton on Sat, 3 Sep 2011 02:52:39 +0100
I don't have any problem with the goal, but it's tricky when you need to do things like redirect the user to the provider. If you separate our the servlet API, then you have to provide some kind of abstraction for redirecting the user.
david_syer on Tue, 6 Sep 2011 17:24:39 +0100
Spring Security Core manages to do a better job of this, so I think it must be possible. It doesn't have to be a top priority for 1.0, I agree. In fact it probably fits well with the effort to harmonise with Spring Social (SECOAUTH-62) which is also unlikely to be a high priority for 1.0.