Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-1530

Introduce a security provider selector mechanism

    XMLWordPrintable

Details

    • Enhancement
    • Resolution: Unresolved
    • Major
    • None
    • None
    • Authentication Client
    • None

    Description

      ELY-1526 updated the default provider supplier to be an aggregate of:

      1. WildFlyElytronProvider
      2. The security providers loaded using the service loader mechanism ensuring that any provider that is already an installed provider is skipped
      3. The installed providers

      This was done to fix a difference in behaviour on JDK 8 vs. JDK 9. In particular, on JDK 9, the security providers were being loaded in a different order, resulting in the WildFlyElytronProvider no longer being loaded first. Some security providers were also being loaded twice - once from the service loader mechanism and once from the installed list of providers.

      This task follows up on ELY-1526 to introduce a security provider selector mechanism that allows security providers to be selected and ordered based on certain criteria. David Lloyd mentioned the following idea for this in WFLY-9899:

      Introduce a security provider selector mechanism that works similarly to the SASL and TLS cipher suite selector mechanisms, which allows providers to be selected and ordered by whatever criteria we can (name, name+version, class name, package name, source module all spring to mind, but there may be more as well including filtering (i.e. allowing only certain service entries of a given provider to "peek through"))

      See WFLY-9899 for the full discussion.

      Attachments

        Issue Links

          relates to

          Bug - A problem that impairs or prevents the functions of the product. WFLY-9899 GSSAPI + EJB failing on JDK9.

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed

          Task - Represents a small unit of work that is not end-user facing. ELY-1526 Update the default provider supplier to be an aggregate of the WildFlyElytronProvider plus the installed providers in order to ensure the WildFlyElytronProvider comes first

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Activity

            People

              Unassigned Unassigned
              fjuma1@redhat.com Farah Juma
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated: