On Dec 13, 2013, at 9:55 AM, Marc Boorshtein <marc.boorshtein(a)tremolosecurity.com>
wrote:

> > Have an enum on the auth method (AuthMethod.FORM, AuthMethod.DIGEST,
> > AuthMethod.BASIC, AuthMethod.JASPI) (The web.xml login-method is just a
> > string) and then use the addFirstAuthenticationMechanism() or
> > setAuthenticationMechanism api to install this ad hoc low demand jaspi
> > mechanism. Users should be able to provide an arbitrary string to the API
> > method.
>
> +1 I've been following this discussion and have written authentication systems for
> JBoss, Tomcat, WebLogic, IIS, Apache, etc. and having to constrain to one of a few
> pre-defined methods is beyond frustrating.

AFAICT that's never been an option (to limit the user to a canned auth mechanism). I think
the intention was to allow for multiple authentication mechanisms to cooperate, and to
allow for some uniformity in configuration and selection of them. It seems to be a tried
and true concept (e.g. PAM). Although I think it's great to nitpick the API. It should be
as easy as possible.

--
Jason T. Greene
WildFly Lead / JBoss EAP Platform Architect
JBoss, a division of Red Hat