On 12/20/2013 5:44 AM, Darran Lofthouse wrote:
> Thanks for the clarification, Bill.
>
> So in your case we know in advance that there is a single mechanism
> which should be the only mechanism sending challenges and at least one
> more mechanism that can perform the authentication without the need to
> send challenges.
>
> I am just wondering for this scenario if we can handle this better
> during registration of the mechanisms rather than at runtime processing
> a request.

If an OAUTH or OpenID mechanism could be guaranteed to be last to
authenticate(), then these mechanisms could pass back a
NOT_AUTHENTICATED instead of a NOT_ATTEMPTED and perform the redirect
within authenticate()...
OR
If OAUTH/OpenID could be guaranteed to be first to sendChallenge, then it
could end the exchange as Stuart suggested.
Another thing that might work is if the exchange could be "rolled back".
Then the OAUTH/OpenID could rollback any changes made in other
sendChallenge() requests and end() the exchange. Order wouldn't matter
then.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com