An issue that needs consideration is whether the ServerAuthModules need to do some form of a handshake with the clientside. This exists in the GSS Style API, Ldap SASL and the following snip from Scott's reply says it further:
Yes, the handshake is a problem. How would digest auth be handled in the web container if all step were delegated to the jsr196 layer? SRP is another gss like protocol that has a multi-request handshake.
To consider JSR-196 for JMS, I see an issue:
There is no notion of a JMS message until you have a connection from a connectionfactory. Only when you are creating a connection, would you consider security.
ConnectionFactory cf = // Connection con = cf.createConnection(String username, String password); //No Message here Session sess = con.createSession(....); //Message will follow later and we have already authenticated
Since JSR-196 would require a message object while passing thru the auth modules, I am wondering whether JSR-196 can be applied to JMS.
I see that last post has been a while back. Can we know what is the latest status of JSR-196 support in JBoss?