JBoss Community

JBoss AS7: Enabling JASPI Authentication for Web Applications

new comment by Anil Saldhana

61 Monzillo wrote:




Hi guys, I think JASPIC's support of configuration mechanism pluggability has had the unfortunate consequence (from the perspective of developers who use different products) of allowing vendors to focus on integrating authentication mechanism configuration in their proprietary configuration consoles and systems. We need to also cooperate to make sure that developers and system admins have access to and are able to integrate and use a portable, vendor-independent authentication mechanism configuration system. One such system is included in the Glassfish open source project (search JAASServletAuthConfigProvider.java). It should be possible for this AuthConfigProvider to be registered in any Servlet Container Profile of JASPIC compatible servlet container, which will then allow the developer/security admin to configure authentication modules using JAAS config-file syntax. To make things really simple, the AuthConfigProvider can be registered via a ServletContainerInitializer, or via the persistent configuration of the vendor-supplied AuthConfigFactory. Since the Factory is also pluggable via the SPI, it should also be possible to replace a vendor-provided AuthConfigFactory with a portable AuthConfigFactory. One such factory, AuthConfigFileFactory.java, may be found in Glassfish. Use of a common factory would then allow simple common persistent configuration of the JAASServletAuthConfigProvider, and of any other AuthConfigProviders that should be available in the vendor environment.


If you are interested in the use of JASPIC within Servlet, you should consider tracking or participating in the open source project Nobis (i.e. the RI of JSR 351), where we are working to facilitate portable authentication mechanisms pluggability in the context of a standard AttributeService and representation of Identity Attributes. We have already begun the process of creating some portable ServerAuthModules (Facebook Connect, and SAML Web SSO) and are working to facilitate portable configuration (as described above); see http://java.net/projects/nobis/pages/Home and http://java.net/projects/nobis/sources/git/show/Nobis/authentication.



PS: we are reviewing the portability and packaging of the Glassfish systems mentioned above as part of the Nobis project. If you see any problems, please feel free to create an issue in the Nobis issue tracker.



Ron, early on in JSR 196 spec calls, I did emphasise that we need to standardize the configuration. I had foreseen this challenge then.


We can definitely take a look at what you have done.