The security configuration of Remoting within AS7 is based on supplying three things:
- The ServerAuthenticationProvider to obtain mechanism-specific CallbackHandlers
- The OptionMap to control the security mechanisms made available / mandated.
- Possibly an initialised SSLContext for XnioSsl if SSL is being enabled.
For domain management, the capabilities of the backing realm are used to define the security offered, i.e. if we have no SSL configuration we cannot enable SSL, and if the backing store cannot return the plain text passwords we cannot enable DIGEST. This has been achieved so far by using an intermediary service to define the configuration based on capabilities alone.
This task is to take it one step further and allow this intermediary to be defined within the Remoting subsystem, and maybe an equivalent for pure domain management, to act both as an intermediary that defines configuration based on the realm and as a place for additional configuration overrides. That is, we need to support the additional SASL options and SSL options available; these will somehow need to be merged with / validated against the realm capabilities, e.g. if a Realm is incompatible with Digest a user cannot force the use of Digest.
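A sketch of the merge / validate step described above, added here as an illustration and not taken from the AS7 code base. The class, the `Capability` enum, the `resolve` method and the mechanism-to-capability mapping (including the PLAIN entry) are hypothetical, and it uses only JDK types instead of the real OptionMap.

```java
import java.util.*;

public class RealmSecurityMerge {
    // Hypothetical capability flags reported by a realm (not an AS7 API).
    enum Capability { SSL_CONTEXT, PLAIN_TEXT_PASSWORDS, PASSWORD_VERIFICATION }

    // Assumed mapping: what each SASL mechanism needs from the backing store.
    static final Map<String, Capability> NEEDS = new LinkedHashMap<>();
    static {
        NEEDS.put("DIGEST-MD5", Capability.PLAIN_TEXT_PASSWORDS);
        NEEDS.put("PLAIN", Capability.PASSWORD_VERIFICATION);
    }

    static final class Effective {
        final List<String> mechanisms; final boolean ssl;
        Effective(List<String> m, boolean ssl) { this.mechanisms = m; this.ssl = ssl; }
        @Override public String toString() { return "mechanisms=" + mechanisms + ", ssl=" + ssl; }
    }

    // A null override means "derive from the realm"; overrides may narrow, never widen.
    static Effective resolve(Set<Capability> realm, List<String> mechOverride, Boolean sslOverride) {
        List<String> supported = new ArrayList<>();
        for (Map.Entry<String, Capability> e : NEEDS.entrySet())
            if (realm.contains(e.getValue())) supported.add(e.getKey());

        List<String> mechs = supported;
        if (mechOverride != null) {
            for (String m : mechOverride)
                if (!supported.contains(m))
                    throw new IllegalStateException("Realm cannot support mechanism " + m);
            mechs = new ArrayList<>(mechOverride);
        }
        boolean canSsl = realm.contains(Capability.SSL_CONTEXT);
        if (Boolean.TRUE.equals(sslOverride) && !canSsl)
            throw new IllegalStateException("SSL requested but realm has no SSL configuration");
        boolean ssl = sslOverride != null ? sslOverride : canSsl;
        return new Effective(mechs, ssl);
    }

    public static void main(String[] args) {
        // Constructed realm: hashed password store, no SSL configuration.
        Set<Capability> hashed = EnumSet.of(Capability.PASSWORD_VERIFICATION);
        System.out.println(resolve(hashed, null, null));
        try {
            resolve(hashed, Arrays.asList("DIGEST-MD5"), null);
        } catch (IllegalStateException ex) {
            System.out.println("rejected: " + ex.getMessage());
        }
    }
}
```

Failing the override at configuration time, instead of silently dropping the unsupported mechanism, keeps the effective security settings from differing from what the administrator believes was configured.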