So I have gone ahead with this.
Basically DeploymentInfo now contains a map of name -> AuthenticationMechanismFactory,
and the LoginConfig class now has a list of AuthMethodConfig
structures, which are basically just a name and a properties map.
WildFly will be set up to parse comma-separated auth methods with properties specified via a
query-string-like syntax, e.g.:
BASIC?silent=true,FORM?error_page=error/page/override.html&post_location=/custom_location
So basically something like oauth can simply register a factory under the name OAUTH (or
maybe com.keycloak.OAUTH to prevent clashes), and then rely on the user specifying that
they want to use it in web.xml.
If you want to register additional handlers etc then your extension should simply iterate
over the auth mechanisms list, and if your mechanism's name is mentioned then install
your handlers. If you want to completely ignore what is in web.xml you can just clear the
auth methods list and add your own method.
As a result of this I have got rid of the additional authentication mechanisms list, and
the ignore standard methods flag, as they should no longer be necessary. Unfortunately
this is causing problems for the JASPI integration, so I am probably going to add a
special hook for JASPI.
Stuart
----- Original Message -----
From: "Stuart Douglas" <sdouglas(a)redhat.com>
To: "Darran Lofthouse" <darran.lofthouse(a)jboss.com>
Cc: undertow-dev(a)lists.jboss.org
Sent: Wednesday, 27 November, 2013 8:52:20 PM
Subject: Re: [undertow-dev] Authentication Mechanism Configuration
Yes, that was another reason why I think the extensions should just register
a name, otherwise ordering between mechanisms would just be a mess.
Stuart
----- Original Message -----
> From: "Darran Lofthouse" <darran.lofthouse(a)jboss.com>
> To: "Stuart Douglas" <sdouglas(a)redhat.com>, "Darran Lofthouse"
> <darran.lofthouse(a)jboss.com>
> Cc: "Bill Burke" <bburke(a)redhat.com>, undertow-dev(a)lists.jboss.org
> Sent: Wednesday, 27 November, 2013 6:38:45 PM
> Subject: Re: [undertow-dev] Authentication Mechanism Configuration
>
> On 27/11/13 17:34, Stuart Douglas wrote:
> >>
> >> One feature within JBoss Web was that at deployment time if an
> >> authentication mechanism is already set on a web app the default
> >> mechanism handling was skipped - we may also want to consider this to
> >> allow deployers within WildFly to take over this handling.
> >
> > Not sure exactly what you mean here, an extension can remove other
> > mechanisms if it desires.
>
> What I mean here is making sure we don't have mechanisms being added
> from multiple locations - but maybe if the deployers are just setting
> names and factories and Undertow calls the factories that double
> processing of methods would not occur.
>
_______________________________________________
undertow-dev mailing list
undertow-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/undertow-dev
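
The comma-separated, query-string-like auth method syntax from the first message, parsed into an ordered list of name plus properties entries. This is an added example, not part of the original thread and not Undertow or WildFly code. The class AuthMethodParser, the record AuthMethod, the registeredNames set, the percent-decoding of values, and the rejection of unknown or repeated names are all assumptions made for illustration.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.*;

public class AuthMethodParser {
    // Hypothetical stand-in for the "name and properties map" structure described in the message.
    record AuthMethod(String name, Map<String, String> properties) {}

    // registeredNames: names under which mechanism factories were registered (constructed here).
    static List<AuthMethod> parse(String authMethods, Set<String> registeredNames) {
        List<AuthMethod> result = new ArrayList<>();   // list order = order written in the config
        Set<String> seen = new HashSet<>();
        for (String entry : authMethods.split(",")) {
            entry = entry.trim();
            if (entry.isEmpty()) continue;             // tolerate stray commas
            int q = entry.indexOf('?');
            String name = q < 0 ? entry : entry.substring(0, q);
            // Assumption: fail closed rather than silently dropping a mechanism nobody registered.
            if (!registeredNames.contains(name))
                throw new IllegalArgumentException("No factory registered for " + name);
            if (!seen.add(name))
                throw new IllegalArgumentException("Mechanism listed twice: " + name);
            Map<String, String> props = new LinkedHashMap<>();
            if (q >= 0) {
                for (String pair : entry.substring(q + 1).split("&")) {
                    if (pair.isEmpty()) continue;
                    int eq = pair.indexOf('=');
                    String key = eq < 0 ? pair : pair.substring(0, eq);
                    String value = eq < 0 ? "" : pair.substring(eq + 1);
                    props.put(decode(key), decode(value));
                }
            }
            result.add(new AuthMethod(name, Collections.unmodifiableMap(props)));
        }
        return result;
    }

    // Assumption: values are percent-encoded like a URL query, so "%2C" can carry a comma.
    static String decode(String s) { return URLDecoder.decode(s, StandardCharsets.UTF_8); }

    public static void main(String[] args) {
        Set<String> registered = Set.of("BASIC", "FORM", "com.keycloak.OAUTH"); // constructed
        String config = "BASIC?silent=true,"
            + "FORM?error_page=error/page/override.html&post_location=/custom_location";
        for (AuthMethod m : parse(config, registered))
            System.out.println(m.name() + " " + m.properties());
    }
}
```

An extension following the approach in the message would scan the returned list for its own name before installing handlers; a misspelled mechanism name raises an error here instead of leaving the deployment with fewer mechanisms than the deployer intended.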