Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-1530

Introduce a security provider selector mechanism

XMLWordPrintable

    • Icon: Enhancement Enhancement
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • None
    • Authentication Client
    • None

      ELY-1526 updated the default provider supplier to be an aggregate of:

      1. WildFlyElytronProvider
      2. The security providers loaded using the service loader mechanism ensuring that any provider that is already an installed provider is skipped
      3. The installed providers

      This was done to fix a difference in behaviour on JDK 8 vs. JDK 9. In particular, on JDK 9, the security providers were being loaded in a different order, resulting in the WildFlyElytronProvider no longer being loaded first. Some security providers were also being loaded twice - once from the service loader mechanism and once from the installed list of providers.

      This task follows up on ELY-1526 to introduce a security provider selector mechanism that allows security providers to be selected and ordered based on certain criteria. David Lloyd mentioned the following idea for this in WFLY-9899:

      Introduce a security provider selector mechanism that works similarly to the SASL and TLS cipher suite selector mechanisms, which allows providers to be selected and ordered by whatever criteria we can (name, name+version, class name, package name, source module all spring to mind, but there may be more as well including filtering (i.e. allowing only certain service entries of a given provider to "peek through"))

      See WFLY-9899 for the full discussion.

              Unassigned Unassigned
              fjuma1@redhat.com Farah Juma
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: