You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@qpid.apache.org by "Rob Godfrey (JIRA)" <ji...@apache.org> on 2016/01/29 12:12:39 UTC

[jira] [Created] (QPID-7027) [Java Broker] Make HTTP Management interactive login pluggable

Rob Godfrey created QPID-7027:
---------------------------------

             Summary: [Java Broker] Make HTTP Management interactive login pluggable
                 Key: QPID-7027
                 URL: https://issues.apache.org/jira/browse/QPID-7027
             Project: Qpid
          Issue Type: Improvement
          Components: Java Broker
            Reporter: Rob Godfrey
            Assignee: Rob Godfrey
            Priority: Minor


QPID-6965 make preemptive authentication pluggable for HTTP management - that is for requests where all necessary authentication information is included in the HTTP request.

Where interactive login is required the HTTP management currently always redirects to an in-built login page which requests a username and password.

While this solution is suitable for authentication mechanisms which only require a username and password, and where the broker owns the authentication data (or is trusted to know the credentials) this is a reasonable solution; however other authentication mechanisms may require other data - or the authentication mechanism may be external to the broker (and the broker should not be trusted with the users credentials) - e.g. if using OAUTH2 to authenticate.

To solve this problem we should make interactive logins pluggable in the same way as non-interactive preemptive authentication



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org