Right now the security domain configuration has separate sections for
JASPI and Classic/Basic authentication. The only difference seems to be
that JASPI authentication requires an additional name field per module,
and JASPI authorization requires an additional login-module reference.
So essentially its a superset.
Is there a reason we would not want to just switch to the JASPI style of
specification, and eliminate the classic style. A name per login module
seems useful anyway.
--
Jason T. Greene
JBoss AS Lead / EAP Platform Architect
JBoss, a division of Red Hat
Show replies by date