[jboss-jira] [JBoss JIRA] (AS7-3691) A Negotiated HTTP Authenticator
Darran Lofthouse (JIRA)
jira-events at lists.jboss.org
Mon Apr 30 06:00:19 EDT 2012
[ https://issues.jboss.org/browse/AS7-3691?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Darran Lofthouse updated AS7-3691:
----------------------------------
Fix Version/s: 7.2.0.Alpha1
(was: 7.1.2.Final-redhat1)
Moving this one to the start of AS 7.2.x as this is going to require some additional work.
In the meantime we do now have a LoginModule that delegates password verification to the realm directly so the realm based security mechanisms can be used to secure web applications.
> A Negotiated HTTP Authenticator
> -------------------------------
>
> Key: AS7-3691
> URL: https://issues.jboss.org/browse/AS7-3691
> Project: Application Server 7
> Issue Type: Task
> Components: Domain Management, Security, Web
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Fix For: 7.2.0.Alpha1
>
>
> Historically we have become constrained by an assumption that there should be a single authentication mechanism assigned to a web application.
> The HTTP specification however allows for multiple mechanisms to be used in parallel - this task is to investigate the feasibility of writing a single authenticator that is compatible with both JBoss Web and the Sun HTTP server used within AS7 to support a negotiated authentication using a single authenticator backed by a CallbackHandler based realm.
> The most common example is fallback from SPNEGO to a username / password based mechanism but for domain management we have also a case of trying to use CLIENT-CERT authentication first and then fallback if that is not possible.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list