[security-dev] PicketLink IDM - Replace Default Credential Handler
darran.lofthouse at jboss.com
Fri Jun 21 11:02:27 EDT 2013
Investigating SASL integration with PicketLink IDM shows the Plain
mechanism working fine with a fairly default set up - however as I am
adding support for the Digest based mechanism I seem to need to be able
to replace the default CredentialHandler for UsernamePasswordCredentials.
On validating a request I don't believe that the code making use of the
IDM should be aware of any of the storage details, so now I have users
that could be stores with a plain text password or a pre-prepared ha1 hash.
What I would like is to add one CredentialHandler that can handle
requests to validate both plain text passwords and digest credentials
and decide internally how to handle them based on which one is currently
associated with the agent.
My credential handler is registered as it allows me to add my new custom
DigestPassword credential but it is not being used for the validation of
a UsernamePasswordCredentials object.
Is there anything else I need to do to disable the default implementation?
More information about the security-dev