[jboss-as7-dev] security/web sucks, what can we change?
Remy Maucherat
rmaucher at redhat.com
Fri Jun 17 11:41:35 EDT 2011
On Fri, 2011-06-17 at 10:56 -0400, Bill Burke wrote:
> - Add ability to define JBossWeb Authenticators. Tomcat/JBossWeb
> already has this ability inherently built in, but unexposed. Similar
> to DomainMapping, we'll have an org.jboss.web.Authenticators file that
> has a class/auth-method mapping.
>
> I am already prototyping this stuff in my git branch. I'm pretty sure
> it can require zero changes to JBossWeb which should avoid getting Remy
> all flustered.

You can already add any authenticator you like in your deployer (like if
you see JBOSS-SECURITY-DOMAIN in web.xml, you can add
JBossSecurityDomainAuthenticator), that's why you don't need to add some
nasty config like the one which existed in AS 6 to do it.

As for the rest, as long as you accept that this is going to be
incompatible with certain mechanisms, like SSO and the new Servlet 3
hooks, then it's probably fine.

--
Remy Maucherat <rmaucher at redhat.com>
Red Hat Inc