[jboss-jira] [JBoss JIRA] (AS7-3691) A Negotiated HTTP Authenticator

A Negotiated HTTP Authenticator ------------------------------- Key: AS7-3691 URL: https://issues.jboss.org/browse/AS7-3691 Project: Application Server 7 Issue Type: Task Components: Domain Management, Security, Web Reporter: Darran Lofthouse Assignee: Darran Lofthouse Fix For: 7.1.2.Final Historically we have become constrained by an assumption that there should be a single authentication mechanism assigned to a web application. The HTTP specification however allows for multiple mechanisms to be used in parallel - this task is to investigate the feasibility of writing a single authenticator that is compatible with both JBoss Web and the Sun HTTP server used within AS7 to support a negotiated authentication using a single authenticator backed by a CallbackHandler based realm. The most common example is fallback from SPNEGO to a username / password based mechanism but for domain management we have also a case of trying to use CLIENT-CERT authentication first and then fallback if that is not possible.