https://bz.apache.org/bugzilla/show_bug.cgi?id=64715
Mark Thomas changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|---
https://bz.apache.org/bugzilla/show_bug.cgi?id=64715
--- Comment #17 from Robert Rodewald ---
(In reply to Mark Thomas from comment #16)
> All valid points regarding the expected behaviour of CallbackHandlers. I'd
> recommend raising issues against the Jakarta Authentication spec:
> https://githu
https://bz.apache.org/bugzilla/show_bug.cgi?id=64715
--- Comment #16 from Mark Thomas ---
All valid points regarding the expected behaviour of CallbackHandlers. I'd
recommend raising issues against the Jakarta Authentication spec:
https://github.com/eclipse-ee4j/authentication/issues
--
You are
https://bz.apache.org/bugzilla/show_bug.cgi?id=64715
--- Comment #15 from Robert Rodewald ---
I found an interesting differentiation on this page:
https://github.com/wildfly/wildfly/blob/master/docs/src/main/asciidoc/_elytron/Elytron_and_Java_Authentication_SPI_for_Containers-JASPI.adoc
If a SAM
https://bz.apache.org/bugzilla/show_bug.cgi?id=64715
--- Comment #14 from Robert Rodewald ---
(In reply to Christopher Schultz from comment #12)
> Doesn't this tie the implementation class to Tomcata internals? It would be
> nice to implement a CallbackHandler which can be built (and run)
> indep
https://bz.apache.org/bugzilla/show_bug.cgi?id=64715
--- Comment #13 from Christopher Schultz ---
(In reply to Robert Rodewald from comment #9)
> Slightly off topic, but could someone explain why the package imports in
> CallbackHandlerImpl switched from
>
> import javax.security.auth.callback.U
https://bz.apache.org/bugzilla/show_bug.cgi?id=64715
--- Comment #12 from Christopher Schultz ---
(In reply to Mark Thomas from comment #7)
> Users may wish to use a 3rd party custom CallbackHandler that knows nothing
> about Tomcat internals. A no-arg Constructor needs to be supported.
>
> Ther
https://bz.apache.org/bugzilla/show_bug.cgi?id=64715
--- Comment #11 from Robert Rodewald ---
Created attachment 37440
--> https://bz.apache.org/bugzilla/attachment.cgi?id=37440&action=edit
Proposed patch for bug 64715 (second attempt), Tomcat 9
The Tomcat 9.0.x version of the patch.
Main dif
https://bz.apache.org/bugzilla/show_bug.cgi?id=64715
Robert Rodewald changed:
What|Removed |Added
Attachment #37438|0 |1
is obsolete|
https://bz.apache.org/bugzilla/show_bug.cgi?id=64715
Robert Rodewald changed:
What|Removed |Added
Attachment #37438|Proposed patch for bug |Proposed patch for bug
descri
https://bz.apache.org/bugzilla/show_bug.cgi?id=64715
--- Comment #9 from Robert Rodewald ---
Slightly off topic, but could someone explain why the package imports in
CallbackHandlerImpl switched from
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.mes
https://bz.apache.org/bugzilla/show_bug.cgi?id=64715
Robert Rodewald changed:
What|Removed |Added
Attachment #37434|0 |1
is obsolete|
https://bz.apache.org/bugzilla/show_bug.cgi?id=64715
--- Comment #7 from Mark Thomas ---
Users may wish to use a 3rd party custom CallbackHandler that knows nothing
about Tomcat internals. A no-arg Constructor needs to be supported.
There are multiple class loaders involved and while the default
https://bz.apache.org/bugzilla/show_bug.cgi?id=64715
--- Comment #6 from Robert Rodewald ---
(In reply to Mark Thomas from comment #5)
> - It doesn't handle all combinations of
> - Constructor with/without Context
I don't think a constructor for CallbackHandlerImpl without Context is needed.
A
https://bz.apache.org/bugzilla/show_bug.cgi?id=64715
--- Comment #5 from Mark Thomas ---
Reviewing the patch:
- It doesn't handle all combinations of
- Constructor with/without Context
- Class defined in web app / in container
- The call to the "with Context" constructor will always fail (no
https://bz.apache.org/bugzilla/show_bug.cgi?id=64715
Mark Thomas changed:
What|Removed |Added
Severity|enhancement |normal
--- Comment #4 from Mark Thomas
https://bz.apache.org/bugzilla/show_bug.cgi?id=64715
--- Comment #3 from Robert Rodewald ---
Sorry, I got the section number wrong, it's section 3.5
Chapter 3 is Servlet Container Profile.
Here is an excerpt from section 3.5:
The CallbackHandler passed to ServerAuthModule.initialize is determin
https://bz.apache.org/bugzilla/show_bug.cgi?id=64715
Mark Thomas changed:
What|Removed |Added
Severity|minor |enhancement
--- Comment #2 from Mark Tho
https://bz.apache.org/bugzilla/show_bug.cgi?id=64715
Robert Rodewald changed:
What|Removed |Added
Attachment #37434|Proposed patch for bug |Proposed patch for bug
descri
https://bz.apache.org/bugzilla/show_bug.cgi?id=64715
--- Comment #1 from Robert Rodewald ---
Created attachment 37434
--> https://bz.apache.org/bugzilla/attachment.cgi?id=37434&action=edit
Proposed patch for bug
- CallbackHandlerImpl changed from singleton to regular class
- added parameter co
20 matches
Mail list logo