Uploaded image for project: 'Hippo Site Toolkit 2'
  1. Hippo Site Toolkit 2
  2. HSTTWO-1835

SecurityValve needs to support stateless env when dealing with subject

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.22.06, 2.23.04
    • Component/s: None
    • Labels:
      None
    • Similar issues:

      Description

      Currently, securityValve stores subject into http session which seems okay with JAAS authentication integration because JAAS authentication in servlet container depends on http session.
      However, in stateless environment, they might don't want to use http sessions at all, but have something like filter to resolve authentication based on request data instead.
      So, I think SecurityValve should consider this environment, with allowing extensibility for external filter based solutions (probably based on request attributes).

        Attachments

          Activity

            People

            • Assignee:
              jsheriff Junaidh Kadhar Sheriff
              Reporter:
              wko Woonsan Ko
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: