Historically we have become constrained by an assumption that there should be a single authentication mechanism assigned to a web application.

The HTTP specification, however, allows for multiple mechanisms to be used in parallel. This task is to investigate the feasibility of writing a single authenticator that is compatible with both JBoss Web and the Sun HTTP server used within AS7 to support a negotiated authentication using a single authenticator backed by a CallbackHandler based realm.

The most common example is fallback from SPNEGO to a username / password based mechanism, but for domain management we also have a case of trying to use CLIENT-CERT authentication first and then falling back if that is not possible.
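The negotiation described above, written against the JDK's `com.sun.net.httpserver.Authenticator` API, as an added example that is not code from this issue or from JBoss/WildFly. The `Mechanism` interface and its method names are hypothetical, and only single-round mechanisms are modelled (a multi-leg SPNEGO token exchange would need per-connection state).

```java
import com.sun.net.httpserver.Authenticator;
import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpPrincipal;
import com.sun.net.httpserver.HttpsExchange;
import java.util.List;

/** Added illustration: one authenticator offering several HTTP mechanisms in preference order. */
public class NegotiatingAuthenticator extends Authenticator {

    /** Hypothetical contract for one mechanism; not a JBoss/WildFly interface. */
    public interface Mechanism {
        String scheme();        // Authorization scheme token, e.g. "Negotiate" or "Basic"
        String challenge();     // full WWW-Authenticate value, e.g. "Basic realm=\"ManagementRealm\""
        boolean requiresTls();  // true for schemes that send reusable secrets (Basic)
        HttpPrincipal verify(String credentials); // delegate to the realm; null means rejected
    }

    private final List<Mechanism> mechanisms; // ordered, preferred mechanism first

    public NegotiatingAuthenticator(List<Mechanism> mechanisms) {
        this.mechanisms = List.copyOf(mechanisms);
    }

    @Override
    public Result authenticate(HttpExchange exchange) {
        // Assumption: TLS terminates at this server, so the exchange type reflects the transport.
        boolean tls = exchange instanceof HttpsExchange;
        String header = exchange.getRequestHeaders().getFirst("Authorization");
        if (header != null) {
            int sp = header.indexOf(' ');
            String scheme = sp < 0 ? header : header.substring(0, sp);
            String credentials = sp < 0 ? "" : header.substring(sp + 1).trim();
            for (Mechanism m : mechanisms) {
                // Only mechanisms this request was allowed to be challenged with may answer it.
                if (m.scheme().equalsIgnoreCase(scheme) && (tls || !m.requiresTls())) {
                    HttpPrincipal principal = m.verify(credentials);
                    if (principal != null) return new Authenticator.Success(principal);
                    break; // bad credentials: fall through and re-challenge
                }
            }
        }
        // No usable credentials: advertise every permitted mechanism in one 401 response,
        // one WWW-Authenticate header per mechanism, so the client picks what it supports.
        for (Mechanism m : mechanisms) {
            if (tls || !m.requiresTls()) {
                exchange.getResponseHeaders().add("WWW-Authenticate", m.challenge());
            }
        }
        return new Authenticator.Retry(401);
    }
}
```

Withholding the password-based challenge on plain HTTP keeps the fallback from turning into a cleartext credential downgrade for clients that cannot complete SPNEGO.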

            [WFLY-1239] A Negotiated HTTP Authenticator

Darran Lofthouse added a comment - WildFly has moved to Undertow which already supports multiple authentication mechanisms.

Darran Lofthouse added a comment - Moving this one to the start of AS 7.2.x as this is going to require some additional work. In the meantime we do now have a LoginModule that delegates password verification to the realm directly so the realm based security mechanisms can be used to secure web applications.

              darran.lofthouse@redhat.com Darran Lofthouse