[jboss-jira] [JBoss JIRA] (ELY-558) Introduce generalized support for authentication timeout of mechanisms
Darran Lofthouse (JIRA)
issues at jboss.org
Thu Jul 28 17:17:05 EDT 2016
[ https://issues.jboss.org/browse/ELY-558?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Darran Lofthouse updated ELY-558:
---------------------------------
Fix Version/s: 1.1.0.Beta8
(was: 1.1.0.Beta7)
> Introduce generalized support for authentication timeout of mechanisms
> ----------------------------------------------------------------------
>
> Key: ELY-558
> URL: https://issues.jboss.org/browse/ELY-558
> Project: WildFly Elytron
> Issue Type: Enhancement
> Components: Authentication Mechanisms, Utils
> Reporter: David Lloyd
> Assignee: Farah Juma
> Fix For: 1.1.0.Beta8
>
>
> Paraphrasing from HipChat discussion.
> Generic mechanism wrappers for handling authentication timeout will not only support OTP-style credential read-modify-write authentication mechanisms, but generally avoid certain DoS conditions and failure states that would be associated with long locking of credentials (even in the read case).
> This issue is to implement a wrapping mechanism factory (for at least SASL and possibly HTTP as well, eventually) which supports authentication timeout by judicious usage of concurrency primitives and timed executors. It is important to guarantee thread-safe access to the underlying mechanism, which are generally concurrency-unsafe.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jboss-jira
mailing list