Anil Saldhana [https://community.jboss.org/people/anil.saldhana] commented on the
"JBoss AS7: Enabling JASPI Authentication for Web Applications"
Monzillo wrote:
Hi guys, I think jaspic's support of configuration mechanism pluggability has had the
unfortunate consequence (from the perspective of developers who use different products) of
allowing vendors to focus on integrating authentication mechanism configuration in their
proprietary configuration consoles and systems. We need to also cooperate to make sure
that developers and system admins have access to and are able to integrate and use a
portable vendor independent authentication mechanism configuration system. One such system
is included in the Glassfish open source project (search
JAASServletAuthConfigProvider.java). It should be possible for this AuthConfigProvider to
be registered in any Servlet Container Profile of JASPIC compatible servlet container,
which will then allow the developer/security admin to configure authentication modules
using JAAS config-file syntax. To make things really simple, the AuthConfigProvider can be
registered via a ServletContainerInitializer, or via the persistent configuration of the
vendor supplied AuthConfigFactory. Since the Factory is also pluggable via the spi, it
should also be possible to replace a vendor provided AuthConfigFactory with a portable
AuthConfigFactory. One such factory, AuthConfigFileFactory.java may be found in Glassfish.
Use of a common factory would then allow simple common persistent configuration of the
JAASServletAuthConfigProvider, and of any other AuthConfigProviders that should be
available in the vendor environment.
If you are interested in the use of JASPIC within Servlet, you should consider tracking
or participating in the open source project Nobis (i.e. the RI of JSR 351) where we are
working to facilitate portable authentication mechanisms pluggability in the context of a
standard AttributeService and representation of Identity Attributes. We have already begun
the process of creating some portable ServerAuthModules (Facebook Connect, and SAML Web
SSO) and are working to facilitate portable configuration (as described above) see
ps: we are reviewing the portability and packaging of the glassfish systems mentioned
above as part of the Nobis project. If you see any problems please feel free to create an
issue in the Nobis issue tracker.
Ron, early on in jsr 196 spec calls, I did emphasise that we need to standardize
the configuration. I had foreseen this challenge then.
We can definitely take a look at what you have done.