[
https://issues.jboss.org/browse/JBWEB-228?page=com.atlassian.jira.plugin....
]
karin k commented on JBWEB-228:
-------------------------------
OK. I think I see your point. To summarize: your proposal would be to implement a JBoss AS
7 extension (subsystem) for loading the authenticator valve and adding it to the valve
chain. Right?
I personally think this is much better than configuring it per app in the jboss-web.xml
file (because it would not need an additional configuration on application
developer/deployer side, besides application developer/deployers don't have to care
where to get the classes from).
IMO I still think this approach would have 2 drawbacks (when comparing it with the
possibility of the registration of the Authenticator in the file Authenticator.properties
file):
* Developer/Deployer cannot configure the Authenticator by means of web.xml. It's even
not possible to see by means of the web.xml file which Authenticator is really in use.
As far as I know if a custom Authenticator is configured as a valve, JBoss will always
take the valve configuration and will ignore the configuration in the web.xml file.
This could be tricky (somehow magic) in terms of support and maintenance
* The valve cannot be enabled/disabled by means of a deployment. It will be either always
enabled or disabled (if we control this by means of a system property). For instance it is
not possible to have 2 different War files deployed in one JBoss where one needs my custom
Authenticator and the other one needs a Java EE Standard Authenticator. -> Using the
jboss-web.xml approach per deployment this requirement can be solved (coming along with
the drawback of a more tricky configuration (and class loading).
I don't understand why JBoss cannot just provide the possibility to plugin custom
authenticators and the required configuration for them (including the mapping to a
auth-method usable in the web.xml file) in the standard subsystem web.
From my point of view a custom Authenticator is different from a
normal valve in terms of it should support and act the same way as the standard Java EE
authenticators. And I don't see a way to achieve that when just treating it like a
normal valve (neither when using jboss-web.xml file to configure it, nor using a JBoss
Extension subsystem).
To detail the requirement
- The authenticator should be made available globally (just like the standard Java EE
Authenticators are made available by the container)
- The authenticator should be configurable / enabled per deployment (the same way like it
is for a standard Java EE Authenticator)
- And best would be that the configuration mechanism in use is the same than it would be
for Java EE standard authenticators (using a custom auth-method in the web.xml file)
Globally configure an Authenticator Valve for the whole JBoss.
--------------------------------------------------------------
Key: JBWEB-228
URL:
https://issues.jboss.org/browse/JBWEB-228
Project: JBoss Web
Issue Type: Feature Request
Security Level: Public(Everyone can see)
Affects Versions: JBossWeb-7.0.0.GA, JBossWeb-7.0.1.GA , JBossWeb-7.0.2.GA,
JBossWeb-7.0.9.GA
Reporter: Mo Zo
Assignee: Remy Maucherat
Please add an option to set and configure an Authenticator (Valve) globally for all
applications in a JBoss by using standard JBoss mechanisms like domain.xml, standalone.xml
and DMR, so that it would be possible to reference an Authenticator like this:
web.xml
<login-config>
<auth-method>CUSTOM</auth-method>
</login-config>
To achieve this I had to modify:
...\modules\org\jboss\as\web\main\jbossweb-7.0.X.Final.jar\org\apache\catalina\startup\Authenticators.properties
CUSTOM=<full qualified authenticator class name>
which certainly is not a good way.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see:
http://www.atlassian.com/software/jira