Hi all,
Jerome Louvel wrote:
Hi all,
Thanks Bruno for the nice synthesis, that definitely helps moving forward. I
have entered a new RFE to consolidate your comments and other ones from
Stephan:
"Refactor authentication and authorization"
http://restlet.tigris.org/issues/show_bug.cgi?id=505
Stephan, I agree that this will take some time to properly refactor and take
all aspects into account. I've listed 13 (!) related issues that I added in
the "blocks" field.
I don't think it would be wise to rush changes into 1.1 so I have set the
milestone to 1.2 M1.
Yes, I agree, no rush. Those of us who actually need such Guards in
practice can more or less implement them in 1.1 as plain Filters or
subclasses of Guard.
I'll try to think of more esoteric authnz mechanisms (for example
Shibboleth, which we use in parts of the project I work on).
I've actually just had a rather successful go at implementing a SPNEGO
Filter using the JAAS/GSS mechanism of Java 6, based on Kerberos. It's
just a proof of concept and the code isn't very clean (I've cut a few
corners when implementing my own ChallengeScheme and
AuthenticationHelper), but it seems to work. (At least to test, being
able to write the 'WWW-Authenticate' headers directly or at having
something a bit simpler than AuthenticationHelper.formatParameters(...)
would have made it a bit easier.)
I can't guarantee if and how much time I can spend on this, but I'll try
to give more details sometime soon.
Best wishes,
Bruno.