-
Enhancement
-
Resolution: Unresolved
-
Major
-
None
-
None
-
None
ELY-1526 updated the default provider supplier to be an aggregate of:
- WildFlyElytronProvider
- The security providers loaded using the service loader mechanism ensuring that any provider that is already an installed provider is skipped
- The installed providers
This was done to fix a difference in behaviour on JDK 8 vs. JDK 9. In particular, on JDK 9, the security providers were being loaded in a different order, resulting in the WildFlyElytronProvider no longer being loaded first. Some security providers were also being loaded twice - once from the service loader mechanism and once from the installed list of providers.
This task follows up on ELY-1526 to introduce a security provider selector mechanism that allows security providers to be selected and ordered based on certain criteria. David Lloyd mentioned the following idea for this in WFLY-9899:
Introduce a security provider selector mechanism that works similarly to the SASL and TLS cipher suite selector mechanisms, which allows providers to be selected and ordered by whatever criteria we can (name, name+version, class name, package name, source module all spring to mind, but there may be more as well including filtering (i.e. allowing only certain service entries of a given provider to "peek through"))
See WFLY-9899 for the full discussion.