Was just thinking about authentication and certification validation and
the client layer...
Any client that needs to set up authentication will immediately require
a vendor-specific interface. That sets up the possibility of a lot of
non-portable code. Should we define APIs or specific config properties
to cover this? Cover the 3 authentication models offered by servlet
container: basic, digest, and client-cert.
Also, server certification validation falls into the category as well,
and maybe a property targeted towards a trust store.
Could be this:
WebTarget target = ...;
target.setProperty(Security.USERNAME, "bill");
target.setProperty(Security.PASSWORD, "geheim");
target.setProperty(Security.AUTHENTICATION_TYPE, Security.DIGEST);
target.setProperty(Security.TRUST_STORE, trustStore);
trustStore could be an X509TrustManager or KeyStore
target.setProperty(Security.AUTHENTICATION_TYPE, Security.CLIENT_CERT);
target.setProperty(Security.CLIENT_CERTIFICATE, keyStore);
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
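
An added sketch, not part of the original message or of any JAX-RS API: one way a client implementation could resolve the proposed trust-store and client-certificate properties into a standard JSSE `SSLContext`. The property key strings, the class name, and the key-password property are assumptions made for illustration; the proposal does not define them.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Map;
import javax.net.ssl.*;

public class SecurityPropsSketch {
    // Hypothetical keys standing in for the proposed Security.* constants.
    static final String TRUST_STORE = "security.trustStore";
    static final String CLIENT_CERTIFICATE = "security.clientCertificate";
    static final String KEY_PASSWORD = "security.keyPassword"; // assumption: not in the proposal

    static SSLContext toSslContext(Map<String, Object> props) throws GeneralSecurityException {
        TrustManager[] tms = null; // null makes JSSE use the JVM default trust store
        Object ts = props.get(TRUST_STORE);
        if (ts instanceof X509TrustManager) {
            tms = new TrustManager[] { (X509TrustManager) ts };
        } else if (ts instanceof KeyStore) {
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init((KeyStore) ts);
            tms = tmf.getTrustManagers();
        } else if (ts != null) {
            // Fail closed: a mistyped value must not silently widen trust to the defaults.
            throw new IllegalArgumentException("unsupported trust store type: " + ts.getClass());
        }
        KeyManager[] kms = null; // null means no client certificate is offered
        Object ks = props.get(CLIENT_CERTIFICATE);
        if (ks instanceof KeyStore) {
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init((KeyStore) ks, (char[]) props.get(KEY_PASSWORD));
            kms = kmf.getKeyManagers();
        } else if (ks != null) {
            throw new IllegalArgumentException("unsupported client certificate type: " + ks.getClass());
        }
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kms, tms, null); // null SecureRandom selects the platform default
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: an empty in-memory key store used as the trust store.
        KeyStore anchors = KeyStore.getInstance(KeyStore.getDefaultType());
        anchors.load(null, null);
        SSLContext ctx = toSslContext(Map.of(TRUST_STORE, anchors));
        System.out.println(ctx.getProtocol());
    }
}
```

With an empty trust store the context builds, but every server certificate is rejected at handshake time, which is the safe direction for a misconfigured property.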