THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
- introduce session management
- avoid checking the internal storage for each and every operation
- make the upgrade from basic to digest authentication cost-effective
- bonus 1: clustering support is there
- bonus 2: separate session store concept is available, for scaling
- keep annotation-based authorization
- design better integration between core (currently session-less) and console (where session is defined instead), especially with the perspective of having more clients (CLI and end-user)
- prepare for OAuth 2.0 provider implementation