arjan tijms created JASPIC_SPEC-25:
--------------------------------------
Summary: Support "auto apply session" for authentication mechanisms
Key: JASPIC_SPEC-25
URL:
https://java.net/jira/browse/JASPIC_SPEC-25
Project: jaspic-spec
Issue Type: New Feature
Reporter: arjan tijms
Assignee: monzillo
The proposed authentication mechanism (JAVAEE_SECURITY_SPEC-32) is naturally stateless and only authenticates a user for the current request.
However, an automatic connection to the http session associated with a request is often desired. See also JASPIC_SPEC-20
I'd like to propose introducing a facility that automatically remembers an authenticated identity set by an authentication mechanism and as long as the session is valid automatic applies this identity for every request in the context of the http session and does not call the authentication mechanism again.
It should be possible to combine this facility with the remember me function. (see JAVAEE_SECURITY_SPEC-33)
--
This message was sent by Atlassian JIRA
(v6.2.3#6260)