[jboss-jira] [JBoss JIRA] (AS7-6833) JSR-196 JASPIC 1.1 Support
arjan tijms (JIRA)
jira-events at lists.jboss.org
Sat Apr 20 05:50:53 EDT 2013
[ https://issues.jboss.org/browse/AS7-6833?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12768952#comment-12768952 ]
arjan tijms commented on AS7-6833:
----------------------------------
About the new JASPIC 1.1 feature where a SAM can indicate it wants the container to establish an authentication session:
The spec is not entirely clear on this, but in an email exchange with Ron Monzillo I got some explanations, which may be useful to share. I've added them to a blog article about this feature here: http://arjan-tijms.blogspot.com/2013/04/whats-new-in-java-ee-7s-authentication.html
See also: https://java.net/jira/browse/GLASSFISH-20317
Note that this new feature may require some extra attention for the JBoss implementation, since JBoss is already remembering the authenticated identity without the SAM asking for it, and without the SAM being asked to re-authenticate (which I think is not entirely spec compliant).
> JSR-196 JASPIC 1.1 Support
> --------------------------
>
> Key: AS7-6833
> URL: https://issues.jboss.org/browse/AS7-6833
> Project: Application Server 7
> Issue Type: Sub-task
> Components: Security
> Reporter: David Lloyd
> Assignee: Stefan Guilhen
> Fix For: 8.0.0.Alpha1
>
>
> Provide support for the 1.1 maintenance release of JASPIC.
> http://jcp.org/aboutJava/communityprocess/maintenance/jsr196/196ChangeLog.html
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list