4 Replies Latest reply on Apr 7, 2008 10:06 PM by Rama Dur

    JSR-196 [Java Authentication SPI for Containers] Discussion

    Anil Saldanha Master

      I would like to dedicate this thread for discussion on JSR-196 (JASPI).

      As you know the container issue for JSR-196 implementation in JBoss 5.0 is:
      http://jira.jboss.com/jira/browse/JBAS-2525
      Once the prototype stabilizes, we will backport to Branch 4.0

      What I am primarily looking for discussion on this thread are:
      a) Identification of issues while implementing the JASPI spec, to be fed back to the Expert Group for clarification.
      b) Any possible extensions to JSR-196.

      Currently, the extensions that need to be made to the JSR-196 spec from my perspective are:
      a) A standard configuration similar to JAAS configuration as in:
      http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/login/AppConfigurationEntry.html
      b) Spec should be extended to include EJB Containers. Currently the specification only handles the Web and the WebService containers.

      Scott says: "needs to sync up with the EJB3 interceptors"


      Please add extensions that come in your mind, while implementing or reading the specification.