[Bug 64712] javax.servlet.http.authType not evaluated after JASPIC authentication success

bugzilla Fri, 04 Sep 2020 09:26:26 -0700

https://bz.apache.org/bugzilla/show_bug.cgi?id=64712


--- Comment #2 from Christopher Schultz <ch...@christopherschultz.net> ---
(In reply to Robert Rodewald from comment #0)
> In my opinion the hard-coded authType "JASPIC" should be replaced by:
> map.getOrDefault("javax.servlet.http.authType", "JASPIC")

It's tough to tell what Tomcat expects to do with that value (currently
"JASPIC"). It's used internally as the request-auth-type and session-auth-type
but I don't see any published list of allowed values, there.

What would happen if the JASPIC provider returned "SSL" as the auth-type. Is
that legal and/or expected?

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 64712] javax.servlet.http.authType not evaluated after JASPIC authentication success

Reply via email to