[jboss-as7-dev] Security Domain Config: JASPI vs Classic?
Anil Saldhana
Anil.Saldhana at redhat.com
Mon Oct 3 11:38:09 EDT 2011
The JASPI config is an on demand configuration that provides
capabilities to configure
authentication config providers (similar to the JAAS login modules). If
the jaspi modules
want to delegate the core authentication aspects to the jaas login
modules, they do
it via the login config bridge name.
On 10/03/2011 09:16 AM, Stefan Guilhen wrote:
> I forgot to comment about this reference in the other e-mail. There's no
> authorization -> authentication reference, its all about authentication.
> This reference is just a way to tell the jaspi authenticator which JAAS
> config it should use to delegate the authentication to once the security
> attributes have been established.
>
> 10/03/2011 10:45 AM, Jason T. Greene wrote:
>> Right now I'm preserving the existing layout of two separate sections, I
>> was just wondering if there was any benefit I was missing. For example,
>> is the authorization -> authentication reference a problem for classic auth?
>>
>> On 10/3/11 8:43 AM, Marcus Moyses wrote:
>>> Do you plan to make those attributes optional or mandatory? I guess if
>>> they were optional there would be no problem to merge the
>>> configurations. Making them required would add some confusion to
>>> customers I guess.
>>> Anyway, Stefan implemented the JASPI integration last week and was about
>>> to send a pull request so you might want to check with him so your
>>> commits don't conflict.
>>>
>>> On 10/03/2011 02:28 AM, Jason T. Greene wrote:
>>>> Right now the security domain configuration has separate sections for
>>>> JASPI and Classic/Basic authentication. The only difference seems to
>>>> be that JASPI authentication requires an additional name field per
>>>> module, and JASPI authorization requires an additional login-module
>>>> reference. So essentially its a superset.
>>>>
>>>> Is there a reason we would not want to just switch to the JASPI style
>>>> of specification, and eliminate the classic style. A name per login
>>>> module seems useful anyway.
More information about the jboss-as7-dev
mailing list