[jboss-as7-dev] Security Domain Config: JASPI vs Classic?

Anil Saldhana asaldhan at redhat.com
Mon Oct 3 19:53:29 EDT 2011 

Jason,
should we enable Security.setProperty at the host/server level? Maybe there is some element where we can add this additional behavior.

----
sent on a train

On Oct 3, 2011, at 10:38 AM, Anil Saldhana <Anil.Saldhana at redhat.com> wrote:

> The JASPI config is an on demand configuration that provides 
> capabilities to configure
> authentication config providers (similar to the JAAS login modules).  If 
> the jaspi modules
> want to delegate the core authentication aspects to the jaas login 
> modules, they do
> it via the login config bridge name.
> 
> On 10/03/2011 09:16 AM, Stefan Guilhen wrote:
>> I forgot to comment about this reference in the other e-mail. There's no
>> authorization ->  authentication reference, its all about authentication.
>> This reference is just a way to tell the jaspi authenticator which JAAS
>> config it should use to delegate the authentication to once the security
>> attributes have been established.
>> 
>> 10/03/2011 10:45 AM, Jason T. Greene wrote:
>>> Right now I'm preserving the existing layout of two separate sections, I
>>> was just wondering if there was any benefit I was missing. For example,
>>> is the authorization ->   authentication reference a problem for classic auth?
>>> 
>>> On 10/3/11 8:43 AM, Marcus Moyses wrote:
>>>> Do you plan to make those attributes optional or mandatory? I guess if
>>>> they were optional there would be no problem to merge the
>>>> configurations. Making them required would add some confusion to
>>>> customers I guess.
>>>> Anyway, Stefan implemented the JASPI integration last week and was about
>>>> to send a pull request so you might want to check with him so your
>>>> commits don't conflict.
>>>> 
>>>> On 10/03/2011 02:28 AM, Jason T. Greene wrote:
>>>>> Right now the security domain configuration has separate sections for
>>>>> JASPI and Classic/Basic authentication. The only difference seems to
>>>>> be that JASPI authentication requires an additional name field per
>>>>> module, and JASPI authorization requires an additional login-module
>>>>> reference. So essentially its a superset.
>>>>> 
>>>>> Is there a reason we would not want to just switch to the JASPI style
>>>>> of specification, and eliminate the classic style. A name per login
>>>>> module seems useful anyway.
> _______________________________________________
> jboss-as7-dev mailing list
> jboss-as7-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/jboss-as7-dev

More information about the jboss-as7-dev mailing list