[aerogear-dev] Aerogear Security (Picketlink)? enhancements

Bruno Oliveira bruno at abstractj.org
Tue Nov 5 08:19:19 EST 2013


Answers inline.

Karel Piwko wrote:
> Hey,
>
> I've integrated Aerogear Security with PicketLink installed as JBoss submodule.
> I find following challenges complicating the setup/reducing feature set and I
> think they should be addressed:
>
> 1/ Aerogear Security Submodule - if you install PL as module and add it as
> dependency into jboss-deployment-structure.xml, you need to manually exclude
> plenty of PL deps from pom.xml. I think that easiest way how make setup more
> convenient would be to create Aerogear Security PL submodule on top
> of PL submodule and then easily mark aerogear-security-pickelink as 'provided'
> in pom.xml
Hi Karel, on AeroGear we do not enforce the usage of AG Security, so if
you want use only PicketLink it's up to you. Either way suggestions to
improve AG Sec are more than welcome, if you are planning to open a
Jira, please make sure to add the steps to reproduce it, please.
> 2/ AuthenticationManager/CredentialsMatcher is limited to (T user,
> String password). However, PL allows more ways of authentication [1] and here we
> are simply reducing feature set. I think there should be login(T user, C
> credentials) operation as well. There could also be just login(T user) and impl
> will be responsible to inject/produce/select correct CredentialsHandler.
As I mentioned on AG Sec we tried to make developer's life simple, we
are not reducing any feature. If advanced developers want to make use of
the features on PicketLink, they should stick with the PL API instead,
we don't want to create a wrapper on top of PicketLink. The idea is: if
you want to go simple, go with AGSec and if you want advance features,
make use of PL API.

Any scenario where that method signature should be applied? Please
provide the scenario or the sources where AG Sec is blocking you.
> Let me know your opinions and I can create JIRAs based on outcome.
>
> Thanks,
>
> Karel

-- 
abstractj


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: OpenPGP digital signature
Url : http://lists.jboss.org/pipermail/aerogear-dev/attachments/20131105/5e66ab3b/attachment.bin 


More information about the aerogear-dev mailing list