| Feature-ID |
Desired Improvement |
Priority |
Comments |
Issue Link |
Eng Response |
| Sec-001 |
Support HTTP digest authentication |
P1 |
Adds digest authentication support for Realms. |
4118 |
Yes |
| Sec-002 |
Role-based access control |
P1 |
Also defined in AdminConsole section[ CoreInfra-004 |
http://wiki.glassfish.java.net/Wiki.jsp?page=V3CoreInfrastructureImprovements]. |
| Sec-003 |
Allow NSS to pass a certificate with unsupported extensions in validation |
P3 |
SSL Subsystem in GlassFish currently does not allow Certificates with UnSupported Extensions during Certificate Validation. The problem is not specific to NSS, it applies to JKS as well. |
4211 |
Yes |
| Sec-004 |
Unified Authorization support for Servlet, SipServlet, JAX-RS and WSIT WebServices |
P1 |
Support @RolesAllowed Annoation , unified credential representation. |
4119 |
Yes |
| Sec-005 |
Definition of Security Module |
P1 |
Identify which interfaces to modularize, the potential opportunities for formalizing a component security achitecture, as well as the interplay between modularization and security pluggability. |
4117 |
Yes |
| Sec-006 |
Delegated administration |
P3 |
Also defined in AdminConsole section[ CoreInfra-020 |
http://wiki.glassfish.java.net/Wiki.jsp?page=V3CoreInfrastructureImprovements] |
| Sec-007 |
Limit Failed Login Attempts for Realms |
P2 |
|
4212 |
Yes |
| Sec-008 |
Add CertStore support |
P2 |
|
4213 |
Yes |
| Sec-009 |
Identity Propagation |
P2 |
|
4214 |
Yes |
| Sec-010 |
Support JKS Key Stores in all Profile(s) of Glasfish |
P3 |
|
4549 |
Yes |
| Sec-011 |
WebServices Asynchrony Support |
P2 |
Convert the GlassFish Security Pipe(s) into Tube(s) |
4216 |
Yes |
| Sec-012 |
Improve JNDI Security |
P2 |
Support for ReadOnly JNDI. |
4217 |
Yes |
