Elytron: when to use HTTP Authentication vs SASL Authentication?

mylos78 Mar 13, 2018 5:36 AM

Hi all,

I'd need a clarification about Elytron authentication methods. As I understand from the docs both HTTP Authentication and SASL authentication are available.

Is it correct to say that Web applications will use Realms connected with HTTP Authentication factories and all other applications will use SASL Authentication ?

The reason I'm asking it is that also EJB applications, for example, land on http ports, so I wonder what is the actual demarcation between these two authentication methods.

Thanks!

Mylos

1. Re: Elytron: when to use HTTP Authentication vs SASL Authentication?

dmlloyd Mar 13, 2018 8:53 AM (in response to mylos78)

Normally with HTTP you can only do HTTP authentication, and SASL is for other network protocols (including standard protocols such as LDAP, IMAP, etc., but also JBoss Remoting which is presently our primary EJB transport). The "remote+http" family of protocols is special in that it uses HTTP to establish the connection, but then it uses an "HTTP upgrade" message (HTTP/1.1 Upgrade header - Wikipedia) to switch to the JBoss Remoting protocol, which then uses SASL authentication.

The "http" EJB transport is not the same as the "remote+http" EJB transport. The "http" transport uses HTTP directly and should be configured as HTTP authentication.
Actions
2. Re: Elytron: when to use HTTP Authentication vs SASL Authentication?

mylos78 Mar 13, 2018 10:10 AM (in response to dmlloyd)

Thanks for the clarification!
Actions

Go to original post