Difference between revisions of "ESAPI Authentication"
Revision diff (section →Possible Enhancements; the newer revision is marked as a minor edit), starting at line 5 of both revisions:

== Possible Enhancements ==
− * Wrap Principal don't extend
+ * Wrap Principal don't extend (a "principal" is an authenticated user in Java. Typically, a 'claimant' would be an unauthenticated user. User could be either authenticated or unauthenticated, depending on the context.)
  * Work to make compatible with container based authentication
+ * Should work with more generic Credential type rather than assuming username / password. That would allow certificates, smart cards, and other more advanced means of authentication.
  * Provide a reauthentication API
  * consider mechanisms provided by vm to associate authentication state with the invocation (e.g. Java AccessControlContext including Subject)
Latest revision as of 05:22, 21 August 2011
Feature Overview
TODO
Possible Enhancements
- Wrap Principal, don't extend it (a "principal" is an authenticated user in Java; typically a "claimant" would be an unauthenticated user, while a User could be either authenticated or unauthenticated, depending on the context).
- Work to make ESAPI compatible with container-based authentication.
- Work with a more generic Credential type rather than assuming username/password. That would allow certificates, smart cards, and other more advanced means of authentication.
- Provide a reauthentication API.
- Consider mechanisms provided by the VM to associate authentication state with the invocation (e.g. a Java AccessControlContext that includes the Subject).
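The points above sketched in Java, as an added example that is not from the original page or from ESAPI itself: a generic Credential type, a User that wraps a Principal instead of extending it, a reauthentication method, and binding the authenticated Subject to the invocation through JAAS. All class and method names, the sample credentials and the placeholder verification are assumptions, and the Subject.callAs/Subject.current calls need JDK 18 or newer.

```java
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.concurrent.Callable;
import javax.security.auth.Subject;

// Hypothetical generic credential type: login no longer assumes username/password.
interface Credential { }
record PasswordCredential(String username, char[] password) implements Credential { }
record CertificateCredential(X509Certificate cert) implements Credential { }
// The application User wraps the container's Principal instead of extending it.
record User(Principal principal) {
    public String getName() { return principal.getName(); }
}
final class Authenticator {
    // Placeholder check on constructed sample values; real code verifies a salted hash or a trust store.
    private boolean verify(Credential c) {
        if (c instanceof PasswordCredential pc) return "alice".equals(pc.username()) && Arrays.equals(pc.password(), "correct horse".toCharArray());
        return c instanceof CertificateCredential cc && cc.cert() != null;
    }
    private String nameOf(Credential c) {
        return c instanceof PasswordCredential pc ? pc.username() : ((CertificateCredential) c).cert().getSubjectX500Principal().getName();
    }
    public User login(Credential c) {
        if (!verify(c)) throw new SecurityException("authentication failed");
        String name = nameOf(c);
        return new User(() -> name);   // java.security.Principal is a functional interface
    }
    // Reauthentication API: an already-authenticated User must prove the same identity again.
    public boolean reauthenticate(User user, Credential c) {
        return verify(c) && nameOf(c).equals(user.getName());
    }
    // Bind authentication state to the invocation via the JAAS Subject (JDK 18+ API;
    // older JDKs use Subject.doAs and Subject.getSubject(AccessController.getContext())).
    public static <T> T runAs(User user, Callable<T> action) {
        Subject subject = new Subject();
        subject.getPrincipals().add(user.principal());
        subject.setReadOnly();
        return Subject.callAs(subject, action);
    }
    public static String currentUserName() {
        Subject s = Subject.current();
        return s == null ? null : s.getPrincipals().iterator().next().getName();
    }
    public static void main(String[] args) {
        User alice = new Authenticator().login(new PasswordCredential("alice", "correct horse".toCharArray()));
        System.out.println(runAs(alice, Authenticator::currentUserName));   // prints alice
        System.out.println(new Authenticator().reauthenticate(alice, new PasswordCredential("alice", "wrong".toCharArray()))); // false
    }
}
```

Compile the file with javac (JDK 18 or newer) and run the Authenticator class.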