[security-dev] Undertow / IdentityManager and Digest Authentication
darran.lofthouse at jboss.com
Wed May 1 04:56:42 EDT 2013
On 01/05/13 09:45, Shane Bryzak wrote:
> On 01/05/13 16:46, Darran Lofthouse wrote:
>> but we also have requirements now moving beyond
>> the account verification step. As I mentioned before we are now going
>> to require code related to HTTP authentication in a CredentialHandler
>> and we are going to require code related to SASL authentication in there.
> You don't *have* to put HTTP or SASL specific code in the
> CredentialHandler implementation itself, there are ways to avoid this.
That is what I am interested in hearing about - the example I am being
shown as the correct way to do this contains HTTP specific code.
I should also mention, when it comes to the authentication / validation
there is actually no such thing as a digest credential - what there
actually is is a response to a challenge, this response will then
potentially be different for every message received from the remote client.
>> Darran Lofthouse.
More information about the security-dev