[jboss-jira] [JBoss JIRA] (JBWEB-228) Globally configure an Authenticator Valve for the whole JBoss.

karin k (JIRA) jira-events at lists.jboss.org
Fri Feb 10 07:34:52 EST 2012 

    [ https://issues.jboss.org/browse/JBWEB-228?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12665601#comment-12665601 ] 

karin k commented on JBWEB-228:
-------------------------------

OK. I think I see your point. To summarize: your proposal would be to implement a JBoss AS 7 extension (subsystem) for loading the authenticator valve and adding it to the valve chain. Right?

I personally think this is much better than configuring it per app in the jboss-web.xml file (because it would not need an additional configuration on application developer/deployer side, besides application developer/deployers don't have to care where to get the classes from).

IMO I still think this approach would have 2 drawbacks (when comparing it with the possibility of the registration of the Authenticator in the file Authenticator.properties file):
* Developer/Deployer cannot configure the Authenticator by means of web.xml. It's even not possible to see by means of the web.xml file which Authenticator is really in use.
As far as I know if a custom Authenticator is configured as a valve, JBoss will always take the valve configuration and will ignore the configuration in the web.xml file.
This could be tricky (somehow magic) in terms of support and maintenance
* The valve cannot be enabled/disabled by means of a deployment. It will be either always enabled or disabled (if we control this by means of a system property). For instance it is not possible to have 2 different War files deployed in one JBoss where one needs my custom Authenticator and the other one needs a Java EE Standard Authenticator. -> Using the jboss-web.xml approach per deployment this requirement can be solved (coming along with the drawback of a more tricky configuration (and class loading).


I don't understand why JBoss cannot just provide the possibility to plugin custom authenticators and the required configuration for them (including the mapping to a auth-method usable in the web.xml file) in the standard subsystem web.

>From my point of view a custom Authenticator is different from a normal valve in terms of it should support and act the same way as the standard Java EE authenticators. And I don't see a way to achieve that when just treating it like a normal valve (neither when using jboss-web.xml file to configure it, nor using a JBoss Extension subsystem).
To detail the requirement 
-	The authenticator should be made available globally (just like the standard Java EE Authenticators are made available by the container)
-	The authenticator should be configurable / enabled per deployment (the same way like it is for a standard Java EE Authenticator)
-	And best would be that the configuration mechanism in use is the same than it would be for Java EE standard authenticators (using a custom auth-method in the web.xml file)



                
> Globally configure an Authenticator Valve for the whole JBoss.
> --------------------------------------------------------------
>
>                 Key: JBWEB-228
>                 URL: https://issues.jboss.org/browse/JBWEB-228
>             Project: JBoss Web
>          Issue Type: Feature Request
>      Security Level: Public(Everyone can see) 
>    Affects Versions: JBossWeb-7.0.0.GA, JBossWeb-7.0.1.GA , JBossWeb-7.0.2.GA, JBossWeb-7.0.9.GA
>            Reporter: Mo Zo
>            Assignee: Remy Maucherat
>
> Please add an option to set and configure an Authenticator (Valve) globally for all applications in a JBoss by using standard JBoss mechanisms like domain.xml, standalone.xml and DMR, so that it would be possible to reference an Authenticator like this:
> web.xml
> <login-config>
>      <auth-method>CUSTOM</auth-method>
> </login-config>
> To achieve this I had to modify:
> ...\modules\org\jboss\as\web\main\jbossweb-7.0.X.Final.jar\org\apache\catalina\startup\Authenticators.properties
> CUSTOM=<full qualified authenticator class name>
> which certainly is not a good way.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list