I have a few questions about the Realm design: a)
How does a Realm find details of the Login Config for the Context
currently being authenticated? When
developing a Realm it may be very useful to determine the authentication method
used. However, at the moment the
Realm is just told to authenticate.
The Realm may also be attached to the "global" level and
therefore have no idea which Context the authentication request came from. Seems to me that it would be
useful for the Realm to be able to determine the Login Config so that it can
adjust any authentication processes as required. b)
Why aren't CLIENT-CERT authentications passed onto the registered
Realm? At the moment, Realms only
see to be passed to process BASIC authentication requests. At the moment certificate requests are
processed by the automatically injected CertificateValve. Why can't Realms process CLIENT-CERT
requests? Thanks, David. |
- Re: Realm design David Cittadini
- Re: Realm design Craig R. McClanahan