[security-dev] [PicketBox 5] - Authentication API

Tuesday, 31 July 2012

Hi All,

    I would like to know your opinion about the authentication API that is being used by
PicketBox 5.You can check an initial documentation here:
https://docs.jboss.org/author/display/SECURITY/PicketBox+Authentication+API.

    We are considering some requirements during the construction of this API. They are as
follows:

            - Easy-to-use and fast to get started;
            - Flexible architecture providing ways to use different mechanisms like
Username/Password, Digest, Certificates, SASL, etc;
            - Unified authentication API.  Although you can use different mechanisms, the
API usage is the same;
            - Allow authentication using multiple stores: properties, databases, ldap,
etc;
            - Hide mechanism`s complexity from users. Users do not need to be aware of the
complexities behind a specific mechanism;
            - Environment agnostic. You can use it in a pure Java SE application and in a
JEE/CDI environment as well;
            - Challenge/Response design;
            - Authentication Events. Users should be able to observe specific
authentication events like pre/pos authentication, failures, etc.
            - Auditing.    

Regards,
Pedro Igor

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

[security-dev] [PicketBox 5] - Authentication API