[jboss-jira] [JBoss JIRA] (WFLY-460) Switchable Nonce Handling Strategy for HTTP DigestAuthenticator
Darran Lofthouse (JIRA)
issues at jboss.org
Mon Jun 13 08:39:00 EDT 2016
[ https://issues.jboss.org/browse/WFLY-460?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Darran Lofthouse resolved WFLY-460.
-----------------------------------
Fix Version/s: 10.1.0.Final
Resolution: Out of Date
Current authenticators and authentication mechanisms are deprecated - switching to WildFly Elytron which will have it's own nonce handling strategy.
> Switchable Nonce Handling Strategy for HTTP DigestAuthenticator
> ---------------------------------------------------------------
>
> Key: WFLY-460
> URL: https://issues.jboss.org/browse/WFLY-460
> Project: WildFly
> Issue Type: Task
> Components: Security
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Labels: Common_Authentication
> Fix For: 10.1.0.Final
>
>
> Allow the nonce strategy to be switchable: -
> 1 - Real 'Number Used Once' - i.e. new nonce for each request.
> 2 - Nonce per connection i.e. as long as a connection is kept alive allow re-use of nonce - new nonce on new connection.
> 3 - Timed nonce - Generate a nonce with a server secret and timestamp, nonce will be accepted for a validity period.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jboss-jira
mailing list