[jboss-jira] [JBoss JIRA] (ELY-282) Formalize multiple credential support

David Lloyd (JIRA) issues at jboss.org
Wed Sep 2 10:18:05 EDT 2015


David Lloyd created ELY-282:
-------------------------------

             Summary: Formalize multiple credential support
                 Key: ELY-282
                 URL: https://issues.jboss.org/browse/ELY-282
             Project: WildFly Elytron
          Issue Type: Task
          Components: API / SPI, Realms
            Reporter: David Lloyd
            Priority: Critical
             Fix For: 1.1.0.Alpha1


Tackle the multiple credential problem directly rather than work around it.  This requires multiple steps:

# In {{org.wildfly.security.auth.server.RealmIdentity}}, the credential access methods should drop {{credentialType}} and {{algorithmName}} and replace them with a single {{credentialName}}.  The sole exception should be the {{getCredential}} method, which can retain the {{credentialType}} parameter in order to perform a soft cast-or-null operation for convenience.  The {{verifyCredential}} method will need a {{credentialName}} parameter added.
# Add a method to {{RealmIdentity}} which can be used to query for the existence of a credential with the given label, e.g. {{hasCredential(String)}}.
# Modify {{org.wildfly.security.auth.server.ModifiableRealmIdentity}} to add a {{credentialName}} parameter to {{setCredential}}.
# Add a method to {{ModifiableRealmIdentity}} to delete a single named credential.
# Modify the {{setCredentials}} method of {{ModifiableRealmIdentity}} to accept a {{Map<String,Object>}} instead of a {{List<Object>}}.
# Add a credential selection mapper mechanism which can consume authentication process information and use it to yield a credential label.  Some implementation ideas:
#* A functional interface which accepts the (mapped) name, authentication mechanism type (e.g. SASL vs HTTP vs ???), optional protocol type (e.g. SASL field), actual mechanism name (e.g. "DIGEST-MD5") and yields the label name or a list (in descending order of preference) of label names
# Provide a default setting which selects a label from a simple predefined scheme based on the kind of authentication being performed (e.g. SASL "DIGEST-MD5" could prefer "sasl-digest" and then "clear-password", SASL "CLEAR" could prefer "password" and then "clear-password", etc.).




--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
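
The name-keyed credential access and the selection mapper proposed in the issue, as an added Java example that is not Elytron code and not part of the original message. `CredentialSelector`, `NamedCredentials`, `deleteCredential` and `firstAvailable` are hypothetical names; only the method ideas and the label preferences ("sasl-digest", "password", "clear-password") come from the issue text.

```java
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;

public class CredentialSelectionExample {

    /** Hypothetical mapper: authentication context in, labels out (most preferred first). */
    @FunctionalInterface
    interface CredentialSelector {
        List<String> select(String name, String mechType, String protocol, String mechName);
    }

    /** Default scheme built only from the label preferences quoted in the issue. */
    static final CredentialSelector DEFAULT = (name, mechType, protocol, mechName) -> {
        if (!"SASL".equals(mechType) || mechName == null) return List.of(); // unknown kind: select nothing
        switch (mechName) {
            case "DIGEST-MD5": return List.of("sasl-digest", "clear-password");
            case "CLEAR":      return List.of("password", "clear-password");
            default:           return List.of();
        }
    };

    /** Hypothetical stand-in for an identity whose credentials are keyed by name. */
    static final class NamedCredentials {
        private final Map<String, Object> byName = new HashMap<>();
        void setCredential(String credentialName, Object credential) { byName.put(credentialName, credential); }
        void deleteCredential(String credentialName) { byName.remove(credentialName); }
        boolean hasCredential(String credentialName) { return byName.containsKey(credentialName); }
        /** Soft cast-or-null: a missing or wrongly typed credential yields null, not an exception. */
        <C> C getCredential(String credentialName, Class<C> credentialType) {
            Object c = byName.get(credentialName);
            return credentialType.isInstance(c) ? credentialType.cast(c) : null;
        }
    }

    /** Walks the preference list and returns the first label the identity actually holds. */
    static Optional<String> firstAvailable(CredentialSelector selector, NamedCredentials id,
                                           String name, String mechType, String protocol, String mechName) {
        return selector.select(name, mechType, protocol, mechName).stream()
                .filter(id::hasCredential).findFirst();
    }

    public static void main(String[] args) {
        NamedCredentials id = new NamedCredentials();
        id.setCredential("clear-password", "constructed-sample".toCharArray()); // constructed sample value
        // No "sasl-digest" is stored, so DIGEST-MD5 falls through to its second preference.
        System.out.println(firstAvailable(DEFAULT, id, "alice", "SASL", null, "DIGEST-MD5"));
        // The stored credential is a char[], so asking for a String exercises the soft cast.
        System.out.println(id.getCredential("clear-password", String.class));
    }
}
```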