If I get it right, for the moment we can't change the way users are authenticated (i.e. using an ldap instead of an db) without rewriting the core source?
As a J2EE developer, extending the security model by letting it use JAAS and to make it possible to plugin custom user verification classes would be a big step forward for Nukes. Especially if we don't want to let it end like some nifty community tool for 16 year olds instead of a good core engine for full-fedged enterprise cms/portals/applications ... .
Are there any thoughts in progress concerning such an improvement?
as i stated in a previous post, there are plans to introduce JAAS support. right now the focus is on cleaning up and adding functionality to the existing modules.