Re: [jboss-as7-dev] web security extensions
On 06/09/2011 11:24 AM, Remy Maucherat wrote:
> Finally, what about my idea to delegate more to the security
domain?
> Like what authentication mechanism to apply, what valves to apply, etc.?
> I can see where you'd want one place to be able to modify how a set of
> web apps are authenticated.
Valves can also be added by other subsystems. The security subsystem can
see that SNEPGO has been set as the auth method, and set whatever valve
it needs to implement it.
I like the sound of that, I may try adding that - that way we don't need
a configuration map and just a check if JBoss Negotiation is available
and the method set to SPNEGO to trigger adding the valve.