Support for events
------------------
Key: JASPIC_SPEC-21
URL: https://java.net/jira/browse/JASPIC_SPEC-21
Project: jaspic-spec
Issue Type: New Feature
Reporter: arjan tijms
For several use cases it would be quite convenient if JASPIC would throw events at several important moments of the authentication message exchange.
Such events could be:
* PreAuthenticate
* PostAuthenticate
* PreLogout
* PostLogout
User code could possibly register for such events in [the same way|https://javaee-spec.java.net/nonav/javadocs/javax/servlet/http/HttpSessionIdListener.html] such code can register for events from the Servlet container; annotating the listener class and implementing an interface.
E.g.
{code}
@SecurityListener
public class MyListener implements AuthenticationListener {

    public void preAuthenticate(AuthEvent authEvent) {
        // ...
    }

    public void postAuthenticate(AuthEvent authEvent) {
        // ...
    }
}
{code}
Additionally CDI style events can be supported as well.
Use cases for such event listeners are among others:
* Keeping track of the number of logged-in users
* Protecting against brute-force attacks by keeping count of failed login attempts for a certain account
* Creating a new local user after the first successful authentication via a remote authentication provider
* Loading application specific preferences into the HTTP session after a user logs in
Specifically for the second use case a PreAuthenticate listener should be able to veto the authentication attempt (at which JASPIC could respond by e.g. sending a 403 to the client).
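The brute-force use case with a vetoing PreAuthenticate listener, sketched as an added example; it is not part of the original issue and not an existing JASPIC API. The `AuthenticationListener` and `AuthEvent` types below are stand-ins for the proposed ones, and the `account`, `success` and `veto()` members, the thresholds and the `LockoutListener` name are assumptions.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
// Hypothetical stand-ins for the proposed API; these types do not exist in JASPIC.
interface AuthenticationListener {
    void preAuthenticate(AuthEvent e);
    void postAuthenticate(AuthEvent e);
}
final class AuthEvent {
    final String account;   // assumed: the event exposes the account being authenticated
    final boolean success;  // assumed: outcome, only meaningful in postAuthenticate
    private boolean vetoed;
    AuthEvent(String account, boolean success) { this.account = account; this.success = success; }
    void veto() { vetoed = true; }         // assumed veto mechanism for PreAuthenticate
    boolean isVetoed() { return vetoed; }
}
// A real listener would also carry the proposed @SecurityListener annotation.
public class LockoutListener implements AuthenticationListener {
    static final int MAX_FAILURES = 5;                        // assumed threshold
    static final Duration LOCKOUT = Duration.ofMinutes(15);   // assumed lockout window
    private record Failures(int count, Instant last) {}
    private final Map<String, Failures> failures = new ConcurrentHashMap<>();

    public void preAuthenticate(AuthEvent e) {
        Failures f = failures.get(e.account);
        if (f == null) return;
        if (Instant.now().isAfter(f.last().plus(LOCKOUT))) {
            failures.remove(e.account, f);  // window expired: forget the old failures
        } else if (f.count() >= MAX_FAILURES) {
            e.veto();                       // the container could then answer with e.g. a 403
        }
    }

    public void postAuthenticate(AuthEvent e) {
        if (e.success) {
            failures.remove(e.account);     // successful login clears the counter
        } else {
            failures.merge(e.account, new Failures(1, Instant.now()),
                    (old, n) -> new Failures(old.count() + 1, n.last()));
        }
    }

    public static void main(String[] args) {
        LockoutListener listener = new LockoutListener();
        for (int i = 0; i < MAX_FAILURES; i++) {
            listener.postAuthenticate(new AuthEvent("alice", false)); // constructed failed attempts
        }
        AuthEvent next = new AuthEvent("alice", false);
        listener.preAuthenticate(next);
        System.out.println("next attempt vetoed: " + next.isVetoed());
    }
}
```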