[ https://issues.apache.org/jira/browse/GERONIMO-5468?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12912365#action_12912365 ]
Han Hong Fang commented on GERONIMO-5468:
-----------------------------------------
By built-in auth methods, do you mean BasicAuthenticator etc. for declarative
security?

In the current implementation, I see only FormAuthenticator stores userIdentity,
username, and password in session; the other authenticators don't do this in
the validateRequest method. Another place which caches the authenticated user is
in SecurityValve: userPrinciple and authType are kept in the request after
successful authentication.

Meanwhile, I'm still not clear on the following:

1. Shall login store the credential for jaspic and basic/form/digest/clientcert
auth types respectively?
2. Is the above-mentioned configuration flag for jaspic only or for all types of
authenticators?
3. Where can this configuration flag be set? Is it provided to the end user?

Another question: in NoneAuthenticator, the authResult is success for the
validateRequest method, but failure for the login method; shall they be
consistent?

Thanks in advance for your clarification.

> Support authenticate/login/logout methods in the HttpServletRequest interface
> -----------------------------------------------------------------------------
>
> Key: GERONIMO-5468
> URL: https://issues.apache.org/jira/browse/GERONIMO-5468
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: Tomcat
> Affects Versions: 3.0-M1, 3.0
> Reporter: Ivan
> Assignee: Han Hong Fang
> Fix For: 3.0
>
> Attachments: GERONIMO-5468-geronimo-2.diff,
> GERONIMO-5468-tomcat-fork.diff, GERONIMO-5468-tomcat-original.diff,
> GERONIMO-5468.patch
>
>
> In Servlet 3.0, authenticate/login/logout methods are added in the
> HttpServletRequest interface; we need to support them in Geronimo's way.