Details

      Description

      The REST server doesn't handle authentication very efficiently:

      • it always checks for authentication even when it's disabled
      • it obtains the authenticated Subject from the realm on every request

      we should optimize it as follows:

      • move authentication to a dedicated channel handler which is installed only when enabled
      • keep the authenticated Subject in the authentication handler, as well as any headers required by the mech in use to quickly validate the request and skip interaction with the security realm for keep-alive connections

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                NadirX Tristan Tarrant
                Reporter:
                NadirX Tristan Tarrant
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: