qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (QPID-7027) [Java Broker] Make HTTP Management interactive login pluggable
Date Mon, 01 Feb 2016 15:45:40 GMT

    [ https://issues.apache.org/jira/browse/QPID-7027?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15126416#comment-15126416
] 

ASF subversion and git services commented on QPID-7027:
-------------------------------------------------------

Commit 1727960 from [~lorenz.quack] in branch 'java/branches/6.0.x'
[ https://svn.apache.org/r1727960 ]

QPID-7027: [Java Broker] Make HTTP Management interactive login pluggable

    merged from trunk with:
    svn merge -c 1727532 https://svn.apache.org/repos/asf/qpid/java/trunk

> [Java Broker] Make HTTP Management interactive login pluggable
> --------------------------------------------------------------
>
>                 Key: QPID-7027
>                 URL: https://issues.apache.org/jira/browse/QPID-7027
>             Project: Qpid
>          Issue Type: Improvement
>          Components: Java Broker
>            Reporter: Rob Godfrey
>            Assignee: Lorenz Quack
>            Priority: Minor
>             Fix For: qpid-java-6.0.1, qpid-java-6.1
>
>
> QPID-6965 make preemptive authentication pluggable for HTTP management - that is for
requests where all necessary authentication information is included in the HTTP request.
> Where interactive login is required the HTTP management currently always redirects to
an in-built login page which requests a username and password.
> While this solution is suitable for authentication mechanisms which only require a username
and password, and where the broker owns the authentication data (or is trusted to know the
credentials) this is a reasonable solution; however other authentication mechanisms may require
other data - or the authentication mechanism may be external to the broker (and the broker
should not be trusted with the users credentials) - e.g. if using OAUTH2 to authenticate.
> To solve this problem we should make interactive logins pluggable in the same way as
non-interactive preemptive authentication



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message