[undertow-dev] AuthenticationMechanismFactory

Jason Greene jason.greene at redhat.com
Fri Dec 13 11:08:04 EST 2013


On Dec 13, 2013, at 9:55 AM, Marc Boorshtein <marc.boorshtein at tremolosecurity.com> wrote:

> Have an enum on the auth method (AuthMethod.FORM, AuthMethod.DIGEST,
> AuthMethod.BASIC, AuthMethod.JASPI) (The web.xml login-method is just a
> string) and then use the addFirstAuthenticationMechanism() or
> setAuthenticationMechanism API to install this ad hoc low demand jaspi
> mechanism. Users should be able to provide arbitrary string to the API
> method.
> 
> 
> +1 I've been following this discussion and have written authentication systems for JBoss, Tomcat, WebLogic, IIS, Apache, etc., and having to constrain to one of a few pre-defined methods is beyond frustrating.
> 

AFAICT that's never been an option (to limit the user to a canned auth mechanism). I think the intention was to allow for multiple authentication mechanisms to cooperate, and to allow for some uniformity in configuration and selection of them. It seems to be a tried and true concept (e.g. PAM). Although I think it's great to nitpick the API. It should be as easy as possible.

--
Jason T. Greene
WildFly Lead / JBoss EAP Platform Architect
JBoss, a division of Red Hat



