[jboss-as7-dev] web security extensions
Darran Lofthouse
darran.lofthouse at jboss.com
Thu Jun 9 06:29:37 EDT 2011
On 06/09/2011 11:24 AM, Remy Maucherat wrote:
>> Finally, what about my idea to delegate more to the security domain?
>> Like what authentication mechanism to apply, what valves to apply, etc.?
>> I can see where you'd want one place to be able to modify how a set of
>> web apps are authenticated.
>
> Valves can also be added by other subsystems. The security subsystem can
> see that SNEPGO has been set as the auth method, and set whatever valve
> it needs to implement it.
I like the sound of that, I may try adding that - that way we don't need
a configuration map and just a check if JBoss Negotiation is available
and the method set to SPNEGO to trigger adding the valve.
>
More information about the jboss-as7-dev
mailing list