[ http://issues.apache.org/jira/browse/AXIS2-581?page=comments#action_12375532 ]
Deepal Jayasinghe commented on AXIS2-581: ----------------------------------------- Applied the patch. Thanks again for the patch and to contribution to improve the quality of web admin module > Pluggable security/authentication support > ----------------------------------------- > > Key: AXIS2-581 > URL: http://issues.apache.org/jira/browse/AXIS2-581 > Project: Apache Axis 2.0 (Axis2) > Type: Wish > Components: Tools > Versions: 0.95 > Reporter: Jens Schumann > Attachments: admin-console-proposal.tar.gz, admin-fixes-patch.tar.gz > > Right now axis2 uses a proprietary security mechanism for authenticating > users. The current mechanism has two drawbacks: > 1. It requires setting username/password in axis2.xml, which will be done > BEFORE build time. Having username/passwds within a deployment units isn't > the best way to do it. > 2. As seen in AXIS2-580 the security check can be easily broken by new code > in axis2. > I recommend to rebuild the security implementation from scratch and create > either > A) a pluggable security mechanism that lets users replace the security > mechanism with their own authentication mechanism or > B) use standard web security. > Of course B will have consequences for the current axis2.war - it won't be > that easy to create a drop-in web archive which will work accross all web > containers . However I would appreciate if axis2 would support it. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
