Rob Godfrey created QPID-7027:
---------------------------------
Summary: [Java Broker] Make HTTP Management interactive login
pluggable
Key: QPID-7027
URL: https://issues.apache.org/jira/browse/QPID-7027
Project: Qpid
Issue Type: Improvement
Components: Java Broker
Reporter: Rob Godfrey
Assignee: Rob Godfrey
Priority: Minor
QPID-6965 make preemptive authentication pluggable for HTTP management - that
is for requests where all necessary authentication information is included in
the HTTP request.
Where interactive login is required the HTTP management currently always
redirects to an in-built login page which requests a username and password.
While this solution is suitable for authentication mechanisms which only
require a username and password, and where the broker owns the authentication
data (or is trusted to know the credentials) this is a reasonable solution;
however other authentication mechanisms may require other data - or the
authentication mechanism may be external to the broker (and the broker should
not be trusted with the users credentials) - e.g. if using OAUTH2 to
authenticate.
To solve this problem we should make interactive logins pluggable in the same
way as non-interactive preemptive authentication
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
