[jboss-as7-dev] Security Domain Config: JASPI vs Classic?

[Stefan Guilhen]

I forgot to comment about this reference in the other e-mail. There's no 
authorization -> authentication reference, its all about authentication. 
This reference is just a way to tell the jaspi authenticator which JAAS 
config it should use to delegate the authentication to once the security 
attributes have been established.

10/03/2011 10:45 AM, Jason T. Greene wrote:
> Right now I'm preserving the existing layout of two separate sections, I
> was just wondering if there was any benefit I was missing. For example,
> is the authorization ->  authentication reference a problem for classic auth?
>
> On 10/3/11 8:43 AM, Marcus Moyses wrote:
>> Do you plan to make those attributes optional or mandatory? I guess if
>> they were optional there would be no problem to merge the
>> configurations. Making them required would add some confusion to
>> customers I guess.
>> Anyway, Stefan implemented the JASPI integration last week and was about
>> to send a pull request so you might want to check with him so your
>> commits don't conflict.
>>
>> On 10/03/2011 02:28 AM, Jason T. Greene wrote:
>>> Right now the security domain configuration has separate sections for
>>> JASPI and Classic/Basic authentication. The only difference seems to
>>> be that JASPI authentication requires an additional name field per
>>> module, and JASPI authorization requires an additional login-module
>>> reference. So essentially its a superset.
>>>
>>> Is there a reason we would not want to just switch to the JASPI style
>>> of specification, and eliminate the classic style. A name per login
>>> module seems useful anyway.
>