Why mechanisms twice?
08 Mar 2017Why do we need to specify configurable-sasl-server-factory
(or configurable-http-server-factory
) in Elytron configuration to filter mechanisms, which we want to allow to use, when we have already defined them all in sasl-authentication-factory
(http-authentication-factory
)? It looks weird to have to write them twice:
Sure, it look so, but the key is, the mechanism configuration does not need to be based on mechanism names only!
Look:
In this example was the mechanism configured by hostname and protocol - specified configuration can be used for any mechanism, when hostname will be localhost
AND protocol will be https
. Nobody cares about mechanism itself.
As you can see, it is not possible to filter provided mechanisms by mechanism-configuration
section, because it does not need to contain all informations about them.