Security configuration on the client side is really the only
non-portable, undefined part of JAX-RS 2.0. Should we define something?
Is it too late?
* standard property names for username and password
* standard property name for authentication mode, maybe match servlet?
BASIC, DIGEST, CLIENT_CERT, and FORM. FORM is a little weird, but the
semantics are well defined and understood. No reasons we couldn't
support it out of box.
* login URL for FORM authentication?
* Standard property for setting client certificate for CLIENT-CERT
* Ability to specify a trust-store through a property for HTTPS.
Would just defining this set of common standard properties work? Seems
simple enough, or am I missing something?
Thoughts?
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com