[jboss-jira] [JBoss JIRA] (ELY-36) Authentication Context Lifecycle
Darran Lofthouse (JIRA)
issues at jboss.org
Thu Jul 31 12:30:30 EDT 2014
Darran Lofthouse created ELY-36:
-----------------------------------
Summary: Authentication Context Lifecycle
Key: ELY-36
URL: https://issues.jboss.org/browse/ELY-36
Project: WildFly Elytron
Issue Type: Task
Security Level: Public (Everyone can see)
Components: API / SPI
Reporter: Darran Lofthouse
Fix For: 1.0.0.Beta1
The authentication context is used with a sequence of calls during the authentication process, this task is to look into how we can apply a lifecycle to that so that appropriate clean up can be performed.
This could be closely related to ELY-35 which specifically looks at outcome notification.
When considering a lifecycle I think we have two key events to think about, the most natural one being once the authentication process is complete regardless of outcome - however should also consider intermediate responses going back to the client - we do not want to be holding onto expensive resources once we pass control back to the client as that risks a Dos based attack.
--
This message was sent by Atlassian JIRA
(v6.2.6#6264)
More information about the jboss-jira
mailing list