OACC 2.0.0 new alpha 4 release, adds comprehensive pluggable authentication support.
Join the DZone community and get the full member experience.Join For Free
OACC is a powerful, new Java Application Security Framework (http://oaccframework.org). This release adds comprehensive pluggable authentication provider support. An application using OACC can now provide a custom authentication provider implementation that uses LDAP, biometrics or any other scheme for authentication. OACC ships with a built-in password-based authentication provider.
Summary of changes in this release:
- comprehensive pluggable authentication provider support
- redesigned authentication API calls to use credentials instead of passwords
- new extensible credentials interface to allow arbitrary authentication mechanisms
- built-in authentication provider now uses `char` instead of `String` for passwords
AccessControlContext API changes:
- `authenticate` method now takes a `Credentials` instance instead of a password
- new `authenticate` method to support authentication without providing credentials (for authentication provider that support it)
- renames `setResourcePassword()` to `setCredentials()`
- replaces `createAuthenticatableResource()` with overloaded `createResource()` methods
Includes a built-in `AuthenticationProvider` that provides password-based authentication, so that clients have the option to use OACC without having to implement their own authentication mechanism. Note that any passwords handled by the built-in authentication provider now use `char` exclusively, instead of `String`.
- fixes a bug that caused `AccessControlContext` instances to not be serializable
Opinions expressed by DZone contributors are their own.