[jboss-dev-forums] [PicketBox Development] - JBoss AS7: Enabling JASPI Authentication for Web Applications
Anil Saldhana
do-not-reply at jboss.com
Mon Jun 4 11:47:00 EDT 2012
Anil Saldhana [https://community.jboss.org/people/anil.saldhana] commented on the document
"JBoss AS7: Enabling JASPI Authentication for Web Applications"
To view all comments on this document, visit: https://community.jboss.org/docs/DOC-17782#comment-10016
--------------------------------------------------
> arjan tijms wrote:
>
>
>
> > Josef Cacek wrote:
> >
> > I think the ServerAuthModule implementations in the org.jboss.as.web.security.jaspi.modules package are ready for use (handle the HTTP BASIC, FORM and CLIENT-CERT authentication).
> >
>
> Do you mean by that that in an upcomming version of JBoss AS, those will indeed become the default and thus explicitly configuring org.jboss.as.web.security.jaspi.WebJASPIAuthenticator won't be needed anymore?
>
> In the version shipping with 7.1.1 there are some rather severe bugs btw, like a NPE if a Subject has no roles (a fix is already committed:
> https://github.com/sguilhen/jboss-as/commit/78bc38740a3d35367fb3338cfc5d535677503063 https://github.com/sguilhen/jboss-as/commit/78bc38740a3d35367fb3338cfc5d535677503063).
>
Probably not. Unless we get JASPI rock solid as a specification and get people to actually get into that mode, we cannot just make it the default.
--------------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-dev-forums/attachments/20120604/8ea06534/attachment.html
More information about the jboss-dev-forums
mailing list