[jboss-as7-dev] web security extensions
Bill Burke
bburke at redhat.com
Wed Jun 8 10:29:07 EDT 2011
On 6/8/11 10:12 AM, Remy Maucherat wrote:
> On Wed, 2011-06-08 at 15:03 +0100, Darran Lofthouse wrote:
>> How about at least restoring the behaviour that was present in previous
>> AS releases to define custom auth-methods?
>
> I thought about it, but I'd need to add that config to the domain model,
> and this is not so cool since they are classnames (and the idea is to
> avoid classnames there).
>
I agree that classnames in domain model == bad. Maybe just have JBoss
Web subsystem search for extension files within META-INF/ of jars. The
extension files would have metadata on how to bind a new auth-method. I
think other subsystems in AS7 work similarly.

BTW, I don't get you. You just completely contradicted yourself. In
your reply to me you said "No way, it's non-portable". In your reply to
Darran it's "I thought about it, but not sure how to do it yet." Maybe I
should ask Darran to email you whenever I have a suggestion.

Finally, what about my idea to delegate more to the security domain?
Like what authentication mechanism to apply, what valves to apply, etc.?
I can see where you'd want one place to be able to modify how a set of
web apps are authenticated.

--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com