deltaspike-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Darran Lofthouse <darran.loftho...@redhat.com>
Subject Security Module
Date Thu, 12 Apr 2012 16:51:48 GMT
Just been having a look at the Security Module page and had a couple of 
comments related to experiences in JBoss AS - Pete suggested I post my 
comments over here.

A few of problems we have had historically in JBoss AS releases 
regarding the authentication at the transport level are: -
- The assumption that everything has a username and a credential.
- That authentication takes a single step.
- That the duration an authentication is valid for can be pre-defined.

Looking at the initial API I just wonder is it also starting to follow 
the same assumptions.  Picking username / password authentication as a 
first step whilst it may be simple historically has led us into 
situations where adding more complex scenarios end up being added as a 
workaround.

I suppose the real question is where would this be used, is this 
something that would only be used within apps that want to establish 
some form of 'security context' with an identity or could this also be 
used in other locations such as valves implementing http authentication. 
  If the former than maybe not a huge issue but if the latter this API 
could be repeating the problems of the past.

Regards,
Darran Lofthouse.


Mime
View raw message