[jboss-jira] [JBoss JIRA] (ELY-36) Server Authentication Context Lifecycle
David Lloyd (JIRA)
issues at jboss.org
Tue Oct 6 23:01:00 EDT 2015
[ https://issues.jboss.org/browse/ELY-36?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13115722#comment-13115722 ]
David Lloyd commented on ELY-36:
--------------------------------
We should be fairly close to solving this. There are some oddities with the {{ServerAuthenticationContext}} state machine yet though.
> Server Authentication Context Lifecycle
> ---------------------------------------
>
> Key: ELY-36
> URL: https://issues.jboss.org/browse/ELY-36
> Project: WildFly Elytron
> Issue Type: Task
> Components: API / SPI
> Reporter: Darran Lofthouse
> Fix For: 1.1.0.Beta1
>
>
> The authentication context is used with a sequence of calls during the authentication process, this task is to look into how we can apply a lifecycle to that so that appropriate clean up can be performed.
> This could be closely related to ELY-35 which specifically looks at outcome notification.
> When considering a lifecycle I think we have two key events to think about, the most natural one being once the authentication process is complete regardless of outcome - however should also consider intermediate responses going back to the client - we do not want to be holding onto expensive resources once we pass control back to the client as that risks a Dos based attack.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jboss-jira
mailing list