On 6/8/11 10:12 AM, Remy Maucherat wrote:
On Wed, 2011-06-08 at 15:03 +0100, Darran Lofthouse wrote:
> How about at least restoring the behaviour that was present in previous
> AS releases to define custom auth-methods?
I thought about it, but I'd need to add that config to the domain model,
and this is not so cool since they are classnames (and the idea is to
avoid classnames there).
I agree that classnames in domain model == bad. Maybe just have JBoss
Web subsystem search for extension files within META-INF/ of jars. The
extension files would have metadata on how to bind a new auth-method. I
think other subsystems in AS7 work similarly.
BTW, I don't get you. You just completely contradicted yourself. In
your reply to me you said "No way, its non-portable". In your reply to
Darren its "I thought about it, but not sure how to do it yet." Maybe I
should ask Darren to email you whenever I have a suggestion.
Finally, what about my idea to delegate more to the security domain?
Like what authentication mechanism to apply, what valves to apply, etc.?
I can see where you'd want one place to be able to modify how a set of
web apps are authenticated.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com