https://bz.apache.org/bugzilla/show_bug.cgi?id=64712
--- Comment #4 from Robert Rodewald <robert.rodew...@kopsis.com> --- I would say that there can't be a list of allowed values for authType as the idea behind the JASPIC ServerAuthModule is to plug in new authTypes, e.g. Bearer-Auth or other SSO modules. Let's suppose you want to plug in two SAMs, fist does Bearer-Auth (e.g. JSON Web Tokens) and the second does BASIC auth. Each module should be able to set the authType accordingly. I suppose that's why the spec does not impose any restrictions on the authType. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
