users@jaspic-spec.java.net

[JIRA] (JASPIC_SPEC-25) Support "auto apply session" for authentication mechanisms

From: arjan tijms (JIRA) <"arjan>
Date: Thu, 11 Feb 2016 23:25:57 +0000 (UTC)

    [ https://java.net/jira/browse/JASPIC_SPEC-25?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=391454#comment-391454 ]

arjan tijms commented on JASPIC_SPEC-25:
----------------------------------------

Can be deleted, JIRA automatically created this for the JASPIC JIRA, but should have been JAVAEE_SECURITY.

> Support "auto apply session" for authentication mechanisms
> ----------------------------------------------------------
>
> Key: JASPIC_SPEC-25
> URL: https://java.net/jira/browse/JASPIC_SPEC-25
> Project: jaspic-spec
> Issue Type: New Feature
> Reporter: arjan tijms
> Assignee: monzillo
>
> The proposed authentication mechanism (JAVAEE_SECURITY_SPEC-32) is naturally stateless and only authenticates a user for the current request.
> However, an automatic connection to the http session associated with a request is often desired. See also JASPIC_SPEC-20
> I'd like to propose introducing a facility that automatically remembers an authenticated identity set by an authentication mechanism and as long as the session is valid automatic applies this identity for every request in the context of the http session and does not call the authentication mechanism again.
> It should be possible to combine this facility with the remember me function. (see JAVAEE_SECURITY_SPEC-33)



--
This message was sent by Atlassian JIRA
(v6.2.3#6260)