On 12/13/2013 09:55 AM, Marc Boorshtein wrote:

Have an enum on the auth method (Authmethod.FORM, AuthMethod.DIGEST,
AuthMethod.BASIC, AuthMethod.JASPI) (The web.xml login-method is just a
string) and then use the addFirstAuthenticationMechanism() or
setAuthenticationMechanism api to install this adhoc low demand jaspi
mechanism. Users should be able to provide arbitrary string to the API

+1 I've been following this discussion and have written authentication systems for JBoss, Tomcat, Weblogic, IIS, Apache, etc and having to constrain to one of a few pre-defined methods is beyond frustrating.


Hi Marc,
  API design is a hard science anyway.  There are enough theses written on the design, update and compatibility of APIs over the years.

I cannot claim that I understand it completely myself. :)