[jboss-jira] [JBoss JIRA] (ELY-470) HTTP Form Authentication

Darran Lofthouse (JIRA) issues at jboss.org
Thu Apr 21 07:38:00 EDT 2016


     [ https://issues.jboss.org/browse/ELY-470?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Darran Lofthouse updated ELY-470:
---------------------------------
    Description: 
The mechanism should be usable both in a Servlet container and non-Servlet container environment.

For FORM authentication we predominantly have an error page and a login page to display; these can be displayed in one of three ways:
 1. Redirect to the appropriate page - this does not provide compatibility with other mechanisms as the redirect is triggered with a status code so a 401 cannot be sent as well.
 2. Serve up the raw resource, this will work for static pages but if the login page is dynamically generated will not be suitable.
 3. Forward the request within the server to serve the page content, this allows all additional server side processing such as JSP pages to be served.

An additional consideration is multi-step FORM based authentication e.g.
 1. User supplies username and password.
 2. If user configured for OTP additional challenge sent asking for next token.

In this case at step 1 the user could possibly only be prompted for a username, after that a user-appropriate challenge can be sent.



  was:
The mechanism should be usable both in a Servlet container and non-Servlet container environment.

For FORM authentication we predominantly have an error page and a login page to display; these can be displayed in one of three ways:
 1. Redirect to the appropriate page - this does not provide compatibility with other mechanisms as the redirect is triggered with a status code so a 401 cannot be sent as well.
 2. Serve up the raw resource, this will work for static pages but if the login page is dynamically generated will not be suitable.
 3. Forward the request within the server to serve the page content, this allows all additional server side processing such as JSP pages to be served.

An additional consideration is multi-step FORM based authentication e.g.
 1. User supplies username and password.
 2. If user configured for OTP additional challenge sent asking for next token.





> HTTP Form Authentication
> ------------------------
>
>                 Key: ELY-470
>                 URL: https://issues.jboss.org/browse/ELY-470
>             Project: WildFly Elytron
>          Issue Type: Sub-task
>          Components: HTTP
>            Reporter: Darran Lofthouse
>            Assignee: Darran Lofthouse
>             Fix For: 1.1.0.Beta6
>
>
> The mechanism should be usable both in a Servlet container and non-Servlet container environment.
> For FORM authentication we predominantly have an error page and a login page to display; these can be displayed in one of three ways:
>  1. Redirect to the appropriate page - this does not provide compatibility with other mechanisms as the redirect is triggered with a status code so a 401 cannot be sent as well.
>  2. Serve up the raw resource, this will work for static pages but if the login page is dynamically generated will not be suitable.
>  3. Forward the request within the server to serve the page content, this allows all additional server side processing such as JSP pages to be served.
> An additional consideration is multi-step FORM based authentication e.g.
>  1. User supplies username and password.
>  2. If user configured for OTP additional challenge sent asking for next token.
> In this case at step 1 the user could possibly only be prompted for a username, after that a user-appropriate challenge can be sent.



--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
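
The username-first, multi-step flow described in the issue, sketched as an added example that is not part of the original message and is not WildFly Elytron code. It assumes Java 17 or later; the class, the Step names and the sample users are hypothetical and constructed for illustration, and a real mechanism would verify stored credential hashes and a real OTP algorithm instead of comparing plain strings.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;

// Added illustration: all names are hypothetical, none is a WildFly Elytron API.
public class MultiStepFormAuth {
    enum Step { USERNAME, PASSWORD, OTP, AUTHENTICATED, FAILED }

    // Constructed sample users; otp == null means the user is not configured for OTP.
    record User(String password, String otp) {}
    static final Map<String, User> USERS = Map.of(
            "alice", new User("alice-pw", "123456"),
            "bob", new User("bob-pw", null));

    // Kept server-side (for example in the HTTP session) so a client cannot skip a step.
    private Step step = Step.USERNAME;
    private User user;

    /** Consumes one submitted form value and returns the next page or challenge to serve. */
    Step submit(String value) {
        if (value == null) value = "";     // a missing form field is treated as an empty answer
        switch (step) {
            case USERNAME -> {
                user = USERS.get(value);   // null for an unknown name
                step = Step.PASSWORD;      // unknown names get the same challenge as known ones
            }
            case PASSWORD -> {
                if (user == null || !same(user.password(), value)) step = Step.FAILED;
                else step = user.otp() == null ? Step.AUTHENTICATED : Step.OTP;
            }
            case OTP -> step = same(user.otp(), value) ? Step.AUTHENTICATED : Step.FAILED;
            default -> { } // AUTHENTICATED and FAILED are terminal: further input is ignored
        }
        return step;
    }

    // Comparison whose timing does not depend on where the two values first differ.
    private static boolean same(String expected, String actual) {
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     actual.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        MultiStepFormAuth alice = new MultiStepFormAuth();
        System.out.println(alice.submit("alice") + " " + alice.submit("alice-pw") + " " + alice.submit("123456"));
        MultiStepFormAuth bob = new MultiStepFormAuth();
        System.out.println(bob.submit("bob") + " " + bob.submit("bob-pw"));
        MultiStepFormAuth unknown = new MultiStepFormAuth();
        System.out.println(unknown.submit("mallory") + " " + unknown.submit("guess"));
    }
}
```

The OTP prompt is only reached after the password step succeeds, so whether a user is configured for OTP is not disclosed to someone who knows only the username.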

