Pluggable security/authentication support
-----------------------------------------
Key: AXIS2-581
URL: http://issues.apache.org/jira/browse/AXIS2-581
Project: Apache Axis 2.0 (Axis2)
Type: Wish
Components: Tools
Versions: 0.95
Reporter: Jens Schumann
Right now axis2 uses a proprietary security mechanism for authenticating users.
The current mechanism has two drawbacks:
1. It requires setting username/password in axis2.xml, which will be done
BEFORE build time. Having username/passwds within a deployment units isn't the
best way to do it.
2. As seen in AXIS2-580 the security check can be easily broken by new code in
axis2.
I recommend to rebuild the security implementation from scratch and create
either
A) a pluggable security mechanism that lets users replace the security
mechanism with their own authentication mechanism or
B) use standard web security.
Of course B will have consequences for the current axis2.war - it won't be that
easy to create a drop-in web archive which will work accross all web containers
. However I would appreciate if axis2 would support it.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
