[jboss-jira] [JBoss JIRA] (ELY-558) Introduce generalized support for authentication timeout of mechanisms
David Lloyd (JIRA)
issues at jboss.org
Wed Jun 1 10:49:01 EDT 2016
David Lloyd created ELY-558:
-------------------------------
Summary: Introduce generalized support for authentication timeout of mechanisms
Key: ELY-558
URL: https://issues.jboss.org/browse/ELY-558
Project: WildFly Elytron
Issue Type: Enhancement
Components: Authentication Mechanisms, Utils
Reporter: David Lloyd
Fix For: 1.1.0.Beta6
Paraphrasing from HipChat discussion.
Generic mechanism wrappers for handling authentication timeout will not only support OTP-style credential read-modify-write authentication mechanisms, but generally avoid certain DoS conditions and failure states that would be associated with long locking of credentials (even in the read case).
This issue is to implement a wrapping mechanism factory (for at least SASL and possibly HTTP as well, eventually) which supports authentication timeout by judicious usage of concurrency primitives and timed executors. It is important to guarantee thread-safe access to the underlying mechanism, which are generally concurrency-unsafe.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jboss-jira
mailing list