AuthenticationSupplier feature for Web Security #6496
Conversation
|
@sbespalov Please sign the Contributor License Agreement! Click here to manually synchronize the status of this Pull Request. See the FAQ for frequently asked questions. |
|
@sbespalov Thank you for signing the Contributor License Agreement! |
sbespalov
force-pushed
the
auth-supplier
branch
from
26ab8ae to
055ed9c
Compare
|
Thanks for the PR @sbespalov! In general, there are too many changes in this one PR. For example, there are polish actions that add ServletException where it is not necessary. In regards to the Supplier, I think it may be a good idea, but let's not combine AuthenticationSupplier and AuthenticationEntryPoint. If you look at the reactive bits it uses a ServerAuthenticationConverter which is closer to what I would have in mind. I'm going to close this PR. If you are still wanting to see this support, please create a ticket for us to discuss a bit so we can be on the same page before writing more code. This will ensure you don't spend a lot of time coding to find out that we are not yet on the same page. |
This PR targets to make Authentication Filters implementation to be more "SOLID".
Currently there are set of different Atuhenticaion Filters like
BasicAuthenticationFilter,DigestAuthenticationFilteretc. and most of such filters logic is almost the same:Authenticationfrom request (supply);AuthenticationprovidedAuthenticationobject withAuthenticationManager, if we have supportedAuthenticationThis PR contains following main changes:
AuthenticationSupplierinterface;GenericAuthenticationFilterclass;BasicAuthenticationSupplierandGenericAuthenticationFilter;If this concept will be accepted in general then additional changes can be provided.