Re: [jboss-dev-forums] [PicketBox Development] - JBoss AS7: Enabling JASPI Authentication for Web Applications - jboss-dev-forums

Monday, 4 June 2012

Anil Saldhana [https://community.jboss.org/people/anil.saldhana] commented on the
document

"JBoss AS7: Enabling JASPI Authentication for Web Applications"

To view all comments on this document, visit:
https://community.jboss.org/docs/DOC-17782#comment-10016

--------------------------------------------------
...
 arjan tijms wrote:

 > Josef Cacek wrote:
 > 
 > I think the ServerAuthModule implementations in the
org.jboss.as.web.security.jaspi.modules package are ready for use (handle the HTTP BASIC,
FORM and CLIENT-CERT authentication).
 > 

 Do you mean by that that in an upcomming version of JBoss AS, those will indeed become
the default and thus explicitly configuring
org.jboss.as.web.security.jaspi.WebJASPIAuthenticator won't be needed anymore?

 In the version shipping with 7.1.1 there are some rather severe bugs btw, like a NPE if a
Subject has no roles (a fix is already committed: 
  https://github.com/sguilhen/jboss-as/commit/78bc38740a3d35367fb3338cfc5d5...
https://github.com/sguilhen/jboss-as/commit/78bc38740a3d35367fb3338cfc5d5...).
  Probably not. Unless we get JASPI rock solid as a specification and get people to
actually get into that mode, we cannot just make it the default.
--------------------------------------------------

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

Re: [jboss-dev-forums] [PicketBox Development] - JBoss AS7: Enabling JASPI Authentication for Web Applications