Skip to main content

[JIRA] Created: (JASPIC_SPEC-21) Support for events

  • From: "arjan tijms (JIRA)" < >
  • To:
  • Subject: [JIRA] Created: (JASPIC_SPEC-21) Support for events
  • Date: Tue, 30 Apr 2013 19:20:58 +0000 (UTC)
  • Auto-submitted: auto-generated

Support for events
------------------

                 Key: JASPIC_SPEC-21
                 URL: https://java.net/jira/browse/JASPIC_SPEC-21
             Project: jaspic-spec
          Issue Type: New Feature
            Reporter: arjan tijms


For several use cases it would be quite convenient if JASPIC would throw 
events at several important moments of the authentication message exchange.

Such events could be:

* PreAuthenticate
* PostAuthenticate
* PreLogout
* PostLogout

User code could possibly register for such events in [the same 
way|https://javaee-spec.java.net/nonav/javadocs/javax/servlet/http/HttpSessionIdListener.html]
 such code can register for events from the Servlet container; annotating the 
listener class and implementing an interface.

E.g.

{code}
@SecurityListener
public class MyListener implements AuthenticationListener  {

    public void preAuthenticate(AuthEvent authEvent) {
        // ...
    }

    public void postAuthenticate(AuthEvent authEvent) {
        // ...
    }
}
{code}

Additionally CDI style events can be supported as well.

Use cases for such event listeners are among others:

* Keeping track of the number of logged-in users
* Protecting against brute-force attacks by keeping count of failed login 
attempts for a certain account
* Creating a new local user after the first successful authentication via a 
remote authentication provider
* Loading application specific preferences into the HTTP session after a user 
logs-in

Specifically for the second use case a PreAutenticate listener should be able 
to veto the authentication attempt (at which JASPIC could respond by e.g. 
sending a 403 to the client).

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
https://java.net/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        


[JIRA] Created: (JASPIC_SPEC-21) Support for events

arjan tijms (JIRA) 04/30/2013
 
 
Close
loading
Please Confirm
Close