axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Deepal Jayasinghe (JIRA)" <>
Subject [jira] Commented: (AXIS2-581) Pluggable security/authentication support
Date Fri, 21 Apr 2006 10:27:06 GMT
    [ ] 

Deepal Jayasinghe commented on AXIS2-581:

Applied the patch.
Thanks again for the patch and to contribution to improve the quality of web admin module

> Pluggable security/authentication support
> -----------------------------------------
>          Key: AXIS2-581
>          URL:
>      Project: Apache Axis 2.0 (Axis2)
>         Type: Wish

>   Components: Tools
>     Versions: 0.95
>     Reporter: Jens Schumann
>  Attachments: admin-console-proposal.tar.gz, admin-fixes-patch.tar.gz
> Right now axis2 uses a proprietary security mechanism for authenticating users. The current
mechanism has two drawbacks:
> 1. It requires setting username/password in axis2.xml, which will be done BEFORE build
time. Having username/passwds within a deployment units isn't the best way to do it.
> 2. As seen in AXIS2-580 the security check can be easily broken by new code in axis2.
> I recommend to rebuild the security implementation from scratch and create either
> A) a pluggable security mechanism that lets users replace the security mechanism with
their own authentication mechanism or
> B) use standard web security.
> Of course B will have consequences for the current axis2.war - it won't be that easy
to create a drop-in web archive which will work accross all web containers . However I would
appreciate if axis2 would support it.

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators:
For more information on JIRA, see:

View raw message