[undertow-dev] AuthenticationMechanism, ChallengeResult and Response Code

Bill Burke bburke at redhat.com
Fri Dec 20 09:34:39 EST 2013



On 12/20/2013 5:44 AM, Darran Lofthouse wrote:
> Thanks for the clarification Bill.
>
> So in your case we know in advance that there is a single mechanism
> which should be the only mechanism sending challenges and at least one
> more mechanism that can perform the authentication without the need to
> send challenges.
>
> I am just wondering for this scenario if we can handle this better
> during registration of the mechanisms rather than at runtime processing
> a request.
>

If an OAUTH or OpenID mechanism could be guaranteed to be last to 
authenticate(), then these mechanisms could pass back a 
NOT_AUTHENTICATED instead of a NOT_ATTEMPTED and perform the redirect 
within authenticate()...

OR

If OAUTH/OpenID could be guaranteed to be first to sendChallenge, then it 
could end the exchange as Stuart suggested.

Another thing that might work is if the exchange could be "rolled back". 
Then the OAUTH/OpenID could rollback any changes made in other 
sendChallenge() requests and end() the exchange.  Order wouldn't matter 
then.

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
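An added model of the mechanism-chain semantics the thread is discussing (this is illustrative code, not Undertow's own SecurityContext or AuthenticationMechanism implementation): a header-based mechanism that returns NOT_ATTEMPTED when it has nothing to check, a redirect-based mechanism, and a runner that walks authenticate() in order and then lets every mechanism send a challenge. The mechanism classes, the credential value, the rollback flag and the "last writer wins" rule for competing challenges are my assumptions.

```python
from enum import Enum

class Outcome(Enum):  # the three AuthenticationMechanismOutcome values named in the thread
    AUTHENTICATED = 1
    NOT_AUTHENTICATED = 2
    NOT_ATTEMPTED = 3

class Response:
    def __init__(self):
        self.status, self.headers, self.ended = 200, {}, False
    def rollback(self):  # hypothetical "roll back the exchange" from Bill's third option
        self.status, self.headers = 200, {}

class Basic:  # header-based: attempts only when an Authorization header is present
    def authenticate(self, req, resp):
        cred = req.get("Authorization", "")
        if not cred.startswith("Basic "):
            return Outcome.NOT_ATTEMPTED  # nothing to check, let the next mechanism try
        return Outcome.AUTHENTICATED if cred == "Basic dXNlcjpwdw==" else Outcome.NOT_AUTHENTICATED
    def send_challenge(self, req, resp):
        resp.headers["WWW-Authenticate"] = 'Basic realm="demo"'
        resp.status = 401

class OAuthRedirect:
    """Redirect-based mechanism; with rollback=True it discards earlier challenges and ends."""
    def __init__(self, rollback=False):
        self.rollback = rollback
    def authenticate(self, req, resp):
        return Outcome.AUTHENTICATED if req.get("session") == "valid" else Outcome.NOT_ATTEMPTED
    def send_challenge(self, req, resp):
        if self.rollback:
            resp.rollback()
        resp.headers["Location"] = "https://idp.example/authorize"  # constructed placeholder URL
        resp.status = 302
        resp.ended = self.rollback  # end() the exchange so later mechanisms cannot write to it

def run(mechs, req):
    """Model of the loop: NOT_ATTEMPTED continues, any other outcome stops; then challenges in order."""
    resp = Response()
    for m in mechs:
        outcome = m.authenticate(req, resp)
        if outcome is Outcome.AUTHENTICATED:
            return outcome, resp
        if outcome is Outcome.NOT_AUTHENTICATED:
            break
    for m in mechs:  # nobody authenticated: every mechanism challenges, last writer wins (assumed)
        if resp.ended:
            break
        m.send_challenge(req, resp)
    return Outcome.NOT_AUTHENTICATED, resp
```

Without rollback the outcome depends on registration order and the response carries both a WWW-Authenticate header and a Location header; with rollback the redirect mechanism produces a clean 302 in either position.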

