arjan tijms [
https://community.jboss.org/people/atijms] commented on the document
"JBoss AS7: Enabling JASPI Authentication for Web Applications"
To view all comments on this document, visit:
https://community.jboss.org/docs/DOC-17782#comment-10014
--------------------------------------------------
Josef Cacek wrote:
I think the ServerAuthModule implementations in the
org.jboss.as.web.security.jaspi.modules package are ready for use (handle the HTTP BASIC,
FORM and CLIENT-CERT authentication).
Do you mean by that that in an upcomming version of JBoss AS, those will indeed become the
default and thus explicitly configuring
org.jboss.as.web.security.jaspi.WebJASPIAuthenticator won't be needed anymore?
In the version shipping with 7.1.1 there are some rather severe bugs btw, like a NPE if a
Subject has no roles (a fix is already committed:
https://github.com/sguilhen/jboss-as/commit/78bc38740a3d35367fb3338cfc5d5...
https://github.com/sguilhen/jboss-as/commit/78bc38740a3d35367fb3338cfc5d5...).
--------------------------------------------------