[ http://issues.apache.org/jira/browse/AXIS2-581?page=all ]
Davanum Srinivas resolved AXIS2-581.
------------------------------------
Resolution: Fixed
Since Deepal has committed all the patches. closing as fixed.
thanks,
dims
> Pluggable security/authentication support
> -----------------------------------------
>
> Key: AXIS2-581
> URL: http://issues.apache.org/jira/browse/AXIS2-581
> Project: Apache Axis 2.0 (Axis2)
> Issue Type: Wish
> Components: Tools
> Affects Versions: 0.95
> Reporter: Jens Schumann
> Attachments: admin-console-proposal.tar.gz, admin-fixes-patch.tar.gz
>
>
> Right now axis2 uses a proprietary security mechanism for authenticating
> users. The current mechanism has two drawbacks:
> 1. It requires setting username/password in axis2.xml, which will be done
> BEFORE build time. Having username/passwds within a deployment units isn't
> the best way to do it.
> 2. As seen in AXIS2-580 the security check can be easily broken by new code
> in axis2.
> I recommend to rebuild the security implementation from scratch and create
> either
> A) a pluggable security mechanism that lets users replace the security
> mechanism with their own authentication mechanism or
> B) use standard web security.
> Of course B will have consequences for the current axis2.war - it won't be
> that easy to create a drop-in web archive which will work accross all web
> containers . However I would appreciate if axis2 would support it.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
