Return-Path: 
 <dev-return-9665-apmail-geronimo-dev-archive=geronimo.apache.org@geronimo.apache.org>
Delivered-To: apmail-geronimo-dev-archive@www.apache.org
Received: (qmail 21284 invoked from network); 31 Oct 2004 04:16:55 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199)
  by minotaur-2.apache.org with SMTP; 31 Oct 2004 04:16:55 -0000
Received: (qmail 56500 invoked by uid 500); 31 Oct 2004 04:15:54 -0000
Delivered-To: apmail-geronimo-dev-archive@geronimo.apache.org
Received: (qmail 56465 invoked by uid 500); 31 Oct 2004 04:15:53 -0000
Mailing-List: contact dev-help@geronimo.apache.org; run by ezmlm
Precedence: bulk
list-help: <mailto:dev-help@geronimo.apache.org>
list-unsubscribe: <mailto:dev-unsubscribe@geronimo.apache.org>
list-post: <mailto:dev@geronimo.apache.org>
Reply-To: dev@geronimo.apache.org
Delivered-To: mailing list dev@geronimo.apache.org
Delivered-To: moderator for dev@geronimo.apache.org
Received: (qmail 29835 invoked by uid 99); 31 Oct 2004 03:25:23 -0000
X-ASF-Spam-Status: No, hits=1.2 required=10.0
	tests=PRIORITY_NO_NAME
X-Spam-Check-By: apache.org
Received-SPF: neutral (hermes.apache.org: local policy)
Date: Sun, 31 Oct 2004 04:25:00 +0100
From: Bo Friis <bofriis@get2net.dk>
Reply-To: Bo Friis <bofriis@get2net.dk>
Organization: Applied Crypto ApS
X-Priority: 3 (Normal)
Message-ID: <1042589570.20041031042500@get2net.dk>
To: dev@geronimo.apache.org
Subject: adding support for pluggable authenticators (HTTP) (adding support
 for SPNEGO/Kerberos)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new at amavis
X-Virus-Checked: Checked
X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N

Hi dev,

Im interested in support for pluggable authenticators. I have at least
one possible two types of authenticators i would like to be able to
plugin. One is SPNEGO (Kerberos over HTTP). This is supported by IE,
FireFox and Mozilla.

SPNEGO scheme requires a challenge-response scheme like the
Digest/Basic where the server must send a 401 back to the browser.

As I see it and correct me if im wrong, its not possible to plugin
custom authenticators and im not sure where to add this but I have
some suggestions.

WebApplicationContext.initLoginConfig() instansiates the authenticator
based on the web app deployment descriptor. I would prefer to have the
ability to extend this list of authenticators, alternatively the
ability to replace one of the standard authenticators.


/Bo
http://appliedcrypto.com