[
https://issues.apache.org/jira/browse/QPID-7027?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15123354#comment-15123354
]
ASF subversion and git services commented on QPID-7027:
-------------------------------------------------------
Commit 1727532 from [~godfrer] in branch 'java/trunk'
[ https://svn.apache.org/r1727532 ]
QPID-7027 : make interactive HTTP authentication pliggable
> [Java Broker] Make HTTP Management interactive login pluggable
> --------------------------------------------------------------
>
> Key: QPID-7027
> URL: https://issues.apache.org/jira/browse/QPID-7027
> Project: Qpid
> Issue Type: Improvement
> Components: Java Broker
> Reporter: Rob Godfrey
> Assignee: Rob Godfrey
> Priority: Minor
>
> QPID-6965 make preemptive authentication pluggable for HTTP management - that
> is for requests where all necessary authentication information is included in
> the HTTP request.
> Where interactive login is required the HTTP management currently always
> redirects to an in-built login page which requests a username and password.
> While this solution is suitable for authentication mechanisms which only
> require a username and password, and where the broker owns the authentication
> data (or is trusted to know the credentials) this is a reasonable solution;
> however other authentication mechanisms may require other data - or the
> authentication mechanism may be external to the broker (and the broker should
> not be trusted with the users credentials) - e.g. if using OAUTH2 to
> authenticate.
> To solve this problem we should make interactive logins pluggable in the same
> way as non-interactive preemptive authentication
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
