Re: [security-dev] Undertow / IdentityManager and Digest Authentication
On 01/05/13 09:45, Shane Bryzak wrote:
On 01/05/13 16:46, Darran Lofthouse wrote:
> but we also have requirements now moving beyond
> the account verification step. As I mentioned before we are now going
> to require code related to HTTP authentication in a CredentialHandler
> and we are going to require code related to SASL authentication in there.
You don't *have* to put HTTP or SASL specific code in the
CredentialHandler implementation itself, there are ways to avoid this.
That is what I am interested in hearing about - the example I am being
shown as the correct way to do this contains HTTP specific code.
I should also mention, when it comes to the authentication / validation
there is actually no such thing as a digest credential - what there
actually is is a response to a challenge, this response will then
potentially be different for every message received from the remote client.
> Regards,
> Darran Lofthouse.
>
>
>
[1]
http://anonsvn.jboss.org/repos/picketlink/idm/downloads/docs/1.0.0.GA/Ref...