[security-dev] Undertow / IdentityManager and Digest Authentication

Darran Lofthouse darran.lofthouse at jboss.com
Wed May 1 04:56:42 EDT 2013

On 01/05/13 09:45, Shane Bryzak wrote:
> On 01/05/13 16:46, Darran Lofthouse wrote:
>> but we also have requirements now moving beyond
>> the account verification step.  As I mentioned before we are now going
>> to require code related to HTTP authentication in a CredentialHandler
>> and we are going to require code related to SASL authentication in there.
> You don't *have* to put HTTP or SASL specific code in the
> CredentialHandler implementation itself, there are ways to avoid this.

That is what I am interested in hearing about - the example I am being 
shown as the correct way to do this contains HTTP specific code.

I should also mention, when it comes to the authentication / validation 
there is actually no such thing as a digest credential - what there 
actually is is a response to a challenge, this response will then 
potentially be different for every message received from the remote client.

>> Regards,
>> Darran Lofthouse.
> [1]
> http://anonsvn.jboss.org/repos/picketlink/idm/downloads/docs/1.0.0.GA/ReferenceGuide/en-US/html_single/index.html#d0e1102

More information about the security-dev mailing list