[jboss-jira] [JBoss JIRA] (ELY-282) Formalize multiple credential support
Jan Kalina (JIRA)
issues at jboss.org
Thu Sep 3 08:38:00 EDT 2015
[ https://issues.jboss.org/browse/ELY-282?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13105133#comment-13105133 ]
Jan Kalina commented on ELY-282:
--------------------------------
If nobody minds, I will take *steps 1-5* - this interface change is blocking my current progress on LDAP modifiability a little.
> Formalize multiple credential support
> -------------------------------------
>
> Key: ELY-282
> URL: https://issues.jboss.org/browse/ELY-282
> Project: WildFly Elytron
> Issue Type: Task
> Components: API / SPI, Realms
> Reporter: David Lloyd
> Priority: Critical
> Fix For: 1.1.0.Alpha1
>
>
> Tackle the multiple credential problem directly rather than work around it. This requires multiple steps:
> # In {{org.wildfly.security.auth.server.RealmIdentity}}, the credential access methods should drop {{credentialType}} and {{algorithmName}} and replace them with a single {{credentialName}}. The sole exception should be the {{getCredential}} method, which can retain the {{credentialType}} parameter in order to perform a soft cast-or-null operation for convenience. The {{verifyCredential}} method will need a {{credentialName}} parameter added.
> # Add a method to {{RealmIdentity}} which can be used to query for the existence of a credential with the given label, e.g. {{hasCredential(String)}}.
> # Modify {{org.wildfly.security.auth.server.ModifiableRealmIdentity}} to add a {{credentialName}} parameter to {{setCredential}}.
> # Add a method to {{ModifiableRealmIdentity}} to delete a single named credential.
> # Modify the {{setCredentials}} method of {{ModifiableRealmIdentity}} to accept a {{Map<String,Object>}} instead of a {{List<Object>}}.
> # Add a credential selection mapper mechanism which can consume authentication process information and use it to yield a credential label. Some implementation ideas:
> #* A functional interface which accepts the (mapped) name, authentication mechanism type (e.g. SASL vs HTTP vs ???), optional protocol type (e.g. SASL field), actual mechanism name (e.g. "DIGEST-MD5") and yields the label name or a list (in descending order of preference) of label names
> #* Note that the approach must be forwards-compatible if we need to add more criteria to the mapping process
> # Provide a default setting which selects a label from a simple predefined scheme based on the kind of authentication being performed (e.g. SASL "DIGEST-MD5" could prefer "sasl-digest" and then "clear-password", SASL "CLEAR" could prefer "password" and then "clear-password", etc.).
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
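
Added example, not part of the original message and not Elytron code: a sketch of the credential selection mapper and default label scheme from steps 6 and 7 of the quoted issue. The names `AuthContext`, `CredentialSelector`, `SASL_DEFAULTS` and `resolve` are hypothetical, and the stored credentials are constructed sample data; it assumes Java 16 or later.

```java
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.function.Predicate;

public class CredentialSelectionDemo {

    // Hypothetical context object: carrying the criteria in one type lets new
    // fields be added later without changing the selector's signature.
    record AuthContext(String mappedName, String mechanismType,
                       String protocol, String mechanismName) {}

    // Hypothetical selector: yields labels in descending order of preference.
    @FunctionalInterface
    interface CredentialSelector {
        List<String> select(AuthContext ctx);
    }

    // Default scheme built from the two examples given in the issue text.
    static final Map<String, List<String>> SASL_DEFAULTS = Map.of(
            "DIGEST-MD5", List.of("sasl-digest", "clear-password"),
            "CLEAR", List.of("password", "clear-password"));

    static final CredentialSelector DEFAULT = ctx ->
            "SASL".equals(ctx.mechanismType())
                    ? SASL_DEFAULTS.getOrDefault(ctx.mechanismName(), List.of())
                    : List.of();

    // Returns the first preferred label the identity holds. An unknown
    // mechanism or a missing credential yields empty: there is no fallback
    // to whatever other credential happens to be stored.
    static Optional<String> resolve(CredentialSelector selector, AuthContext ctx,
                                    Predicate<String> hasCredential) {
        return selector.select(ctx).stream().filter(hasCredential).findFirst();
    }

    public static void main(String[] args) {
        // Constructed sample identity holding two named credentials.
        Set<String> stored = Set.of("clear-password", "otp-seed");
        Predicate<String> has = stored::contains; // stands in for hasCredential(String)

        AuthContext digest = new AuthContext("alice", "SASL", "ldap", "DIGEST-MD5");
        AuthContext unknown = new AuthContext("alice", "SASL", "ldap", "X-UNKNOWN");

        System.out.println(resolve(DEFAULT, digest, has));
        System.out.println(resolve(DEFAULT, unknown, has));
    }
}
```

The unknown mechanism resolves to an empty result even though the identity holds other credentials, so a mechanism can only ever be served a credential that the mapping explicitly lists for it.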