61 Monzillo [
https://community.jboss.org/people/monzillo] commented on the document
"JBoss AS7: Enabling JASPI Authentication for Web Applications"
To view all comments on this document, visit:
https://community.jboss.org/docs/DOC-17782#comment-11491
--------------------------------------------------
validateRequest *should* be called under HttpServletRequest.authenticate; but that has not
yet been made explicit in the Servlet Profile of JSR 196 (and will be the subject of the
next MR to the spec). ValidateRequest should not be called under HttpServletRequest.login
mostly because login presumes a user name/password authentication mechanism (which may not
be compatible with the configured auth context). it might be worth considering having
login use the callback handler to handle a passwordValidationCallback (if jsr 196 is
configured for the app), in which case the login impl login would need access to the same
callback handler that was passed to the 196 auth context configured for the app. I will
think about how that might be possible, but at this time, the main integration point for
jsr 196 and programmatic login should be authenticate (not login).
--------------------------------------------------