[jboss-dev-forums] [PicketBox Development] - JBoss AS7: Enabling JASPI Authentication for Web Applications
61 Monzillo
do-not-reply at jboss.com
Wed Jan 30 11:44:18 EST 2013
61 Monzillo [https://community.jboss.org/people/monzillo] commented on the document
"JBoss AS7: Enabling JASPI Authentication for Web Applications"
To view all comments on this document, visit: https://community.jboss.org/docs/DOC-17782#comment-11491
--------------------------------------------------
validateRequest *should* be called under HttpServletRequest.authenticate; but that has not yet been made explicit in the Servlet Profile of JSR 196 (and will be the subject of the next MR to the spec). ValidateRequest should not be called under HttpServletRequest.login mostly because login presumes a user name/password authentication mechanism (which may not be compatible with the configured auth context). it might be worth considering having login use the callback handler to handle a passwordValidationCallback (if jsr 196 is configured for the app), in which case the login impl login would need access to the same callback handler that was passed to the 196 auth context configured for the app. I will think about how that might be possible, but at this time, the main integration point for jsr 196 and programmatic login should be authenticate (not login).
--------------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-dev-forums/attachments/20130130/b3b88972/attachment.html
More information about the jboss-dev-forums
mailing list