<style>
/* Changing the layout to use less space for mobiles */
@media screen and (max-device-width: 480px), screen and (-webkit-min-device-pixel-ratio: 2) {
#email-body { min-width: 30em !important; }
#email-page { padding: 8px !important; }
#email-banner { padding: 8px 8px 0 8px !important; }
#email-avatar { margin: 1px 8px 8px 0 !important; padding: 0 !important; }
#email-fields { padding: 0 8px 8px 8px !important; }
#email-gutter { width: 0 !important; }
}
</style>
<div id="email-body">
<table id="email-wrap" align="center" border="0" cellpadding="0" cellspacing="0" style="background-color:#f0f0f0;color:#000000;width:100%;">
<tr valign="top">
<td id="email-page" style="padding:16px !important;">
<table align="center" border="0" cellpadding="0" cellspacing="0" style="background-color:#ffffff;border:1px solid #bbbbbb;color:#000000;width:100%;">
<tr valign="top">
<td bgcolor="#3b4d64" style="background-color:#3b4d64;color:#ffffff;font-family:Arial,FreeSans,Helvetica,sans-serif;font-size:12px;line-height:1;"><img src="https://issues.jboss.org/s/en_USdrryc7-418945332/852/58/_/jira-logo-scaled.png" alt="" style="vertical-align:top;" /></td>
</tr><tr valign="top">
<td id="email-banner" style="padding:32px 32px 0 32px;">
<table align="left" border="0" cellpadding="0" cellspacing="0" width="100%" style="width:100%;">
<tr valign="top">
<td style="color:#505050;font-family:Arial,FreeSans,Helvetica,sans-serif;padding:0;">
<img id="email-avatar" src="https://community.jboss.org/people/sebastienblanc/avatar/16.png" alt="" height="48" width="48" border="0" align="left" style="padding:0;margin: 0 16px 16px 0;" />
<div id="email-action" style="padding: 0 0 8px 0;font-size:12px;line-height:18px;">
<a class="user-hover" rel="sebastienblanc" id="email_sebastienblanc" href="https://issues.jboss.org/secure/ViewProfile.jspa?name=sebastienblanc" style="color:#326ca6;">Sebastien Blanc</a>
created <img src="https://issues.jboss.org/images/icons/issuetypes/newfeature.png" height="16" width="16" border="0" align="absmiddle" alt="Feature Request"> <a style='color:#326ca6;text-decoration:none;' href='https://issues.jboss.org/browse/AEROGEAR-1115'>AEROGEAR-1115</a>
</div>
<div id="email-summary" style="font-size:16px;line-height:20px;padding:2px 0 16px 0;">
<a style='color:#326ca6;text-decoration:none;' href='https://issues.jboss.org/browse/AEROGEAR-1115'><strong>Security scaffolding</strong></a>
</div>
</td>
</tr>
</table>
</td>
</tr>
<tr valign="top">
<td id="email-fields" style="padding:0 32px 32px 32px;">
<table border="0" cellpadding="0" cellspacing="0" style="padding:0;text-align:left;width:100%;" width="100%">
<tr valign="top">
<td id="email-gutter" style="width:64px;white-space:nowrap;"></td>
<td>
<table border="0" cellpadding="0" cellspacing="0" width="100%">
<tr valign="top">
<td style="color:#000000;font-family:Arial,FreeSans,Helvetica,sans-serif;font-size:12px;padding:0 10px 10px 0;white-space:nowrap;">
<strong style="font-weight:normal;color:#505050;">Issue Type:</strong>
</td>
<td style="color:#000000;font-family:Arial,FreeSans,Helvetica,sans-serif;font-size:12px;padding:0 0 10px 0;width:100%;">
<img src="https://issues.jboss.org/images/icons/issuetypes/newfeature.png" height="16" width="16" border="0" align="absmiddle" alt="Feature Request"> Feature Request
</td>
</tr> <tr valign="top">
<td style="color:#000000;font-family:Arial,FreeSans,Helvetica,sans-serif;font-size:12px;padding:0 10px 10px 0;white-space:nowrap;">
<strong style="font-weight:normal;color:#505050;">Assignee:</strong>
</td>
<td style="color:#000000;font-family:Arial,FreeSans,Helvetica,sans-serif;font-size:12px;padding:0 0 10px 0;width:100%;">
Unassigned </td>
</tr> <tr valign="top">
<td style="color:#000000;font-family:Arial,FreeSans,Helvetica,sans-serif;font-size:12px;padding:0 10px 10px 0;white-space:nowrap;">
<strong style="font-weight:normal;color:#505050;">Components:</strong>
</td>
<td style="color:#000000;font-family:Arial,FreeSans,Helvetica,sans-serif;font-size:12px;padding:0 0 10px 0;width:100%;">
forge, security </td>
</tr>
<tr valign="top">
<td style="color:#000000;font-family:Arial,FreeSans,Helvetica,sans-serif;font-size:12px;padding:0 10px 10px 0;white-space:nowrap;">
<strong style="font-weight:normal;color:#505050;">Created:</strong>
</td>
<td style="color:#000000;font-family:Arial,FreeSans,Helvetica,sans-serif;font-size:12px;padding:0 0 10px 0;width:100%;">
15/Apr/13 12:45 PM
</td>
</tr> <tr valign="top">
<td style="color:#000000;font-family:Arial,FreeSans,Helvetica,sans-serif;font-size:12px;padding:0 10px 10px 0;white-space:nowrap;">
<strong style="font-weight:normal;color:#505050;">Description:</strong>
</td>
<td style="color:#000000;font-family:Arial,FreeSans,Helvetica,sans-serif;font-size:12px;padding:0 0 10px 0;width:100%;">
<p style='margin-top:0;margin-bottom:10px;'>see details here : <br/>
I've been thinking about Security Scaffolding. It's a different beast than a simple CRUD scaffolding. It's a bit more difficult to make assumptions when you want to generate security flows: which HTTP method to protect? Using only authentication or also authorization? etc.</p>
<p style='margin-top:0;margin-bottom:10px;'>Therefore, I've been thinking of some kind of configuration that the user could provide before the scaffolding process. Keeping it really simple and "human readable", it could really speed up setting up the security layer:</p>
<pre style='margin-top:0;margin-bottom:10px;'>{
  "security": {
    "createUsers": ["sebi", "abstractj"],                             // 1
    "createRole": ["simple", "admin"],                                // 2
    "roleMap": { "simple": ["abstractj", "sebi"], "admin": ["sebi"] }, // 3
    "generateLoginForm": true,                                        // 4
    "generateOTPPage": true,                                          // 5
    "entities": {                                                     // 6
      "org.sebi.Task": {
        "GET":    { "authentification": false },
        "POST":   { "authentification": true, "authorization": "simple" },
        "PUT":    { "authentification": true, "authorization": "admin" },
        "DELETE": { "authentification": true, "authorization": "admin" }
      }
    }
  }
}</pre>
<p style='margin-top:0;margin-bottom:10px;'>Let me detail each of these points to make the discussion easier:</p>
<ul>
        <li>1. createUsers: we pass a list of users that will be inserted into the DB. This will generate either a SQL script or a class creating the users, like in <a href="https://github.com/aerogear/aerogear-controller-demo/blob/master/src/main/java/org/jboss/aerogear/controller/demo/config/PicketLinkDefaultUsers.java" class="external-link">https://github.com/aerogear/aerogear-controller-demo/blob/master/src/main/java/org/jboss/aerogear/controller/demo/config/PicketLinkDefaultUsers.java</a></li>
        <li>2. createAdmin: we pass a list of roles that will be inserted into the DB. This will generate either a SQL script or a class creating the roles, like in <a href="https://github.com/aerogear/aerogear-controller-demo/blob/master/src/main/java/org/jboss/aerogear/controller/demo/config/PicketLinkDefaultUsers.java" class="external-link">https://github.com/aerogear/aerogear-controller-demo/blob/master/src/main/java/org/jboss/aerogear/controller/demo/config/PicketLinkDefaultUsers.java</a></li>
        <li>3. roleMap: here we create an association map between users and roles. This will generate either a SQL script or a class creating the associations, like in <a href="https://github.com/aerogear/aerogear-controller-demo/blob/master/src/main/java/org/jboss/aerogear/controller/demo/config/PicketLinkDefaultUsers.java" class="external-link">https://github.com/aerogear/aerogear-controller-demo/blob/master/src/main/java/org/jboss/aerogear/controller/demo/config/PicketLinkDefaultUsers.java</a></li>
        <li>4. generateLoginForm: if true, the UI scaffolding will also generate a login form (location and layout depending on the scaffolding provider (AngularJS+Bootstrap, AngularJS+JQM), or by providing a custom template fragment).</li>
        <li>5. generateOTPPage: if true, the UI scaffolding will also generate an OTP page (location and layout depending on the scaffolding provider (AngularJS+Bootstrap, AngularJS+JQM), or by providing a custom template fragment).</li>
        <li>6. Entities: here we configure the security flow for each entity per HTTP method. Concretely, this will mean:</li>
</ul>
<ul class="alternate" type="square">
        <li>On the backend, generate the right route, i.e.:
        <p style='margin-top:0;margin-bottom:10px;'>route().from("/task").roles("admin").on(RequestMethod.DELETE).to(Task.class).delete();</p></li>
        <li>On the frontend, setting the flag or not on a pipe to enable auth. Other options are possible, like hiding links or disabling buttons depending on the authorization/authentication. We should discuss these options.</li>
</ul>
<p style='margin-top:0;margin-bottom:10px;'>I think it could be a nice addition, and from the feedback I've heard, this kind of feature is really missing today in the current scaffolding tools regarding security. This could really be a killer feature and is not hard to implement.</p>
<p style='margin-top:0;margin-bottom:10px;'>Please comment and ask questions to polish the feature!</p>
<p style='margin-top:0;margin-bottom:10px;'>Seb</p>
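<p style='margin-top:0;margin-bottom:10px;'>As an added illustration, not AeroGear or Forge code, of how a generator could consume the configuration proposed above: it first validates the cross references (every role named in roleMap or in an entity rule must be declared in createRole, every user in roleMap must exist in createUsers, and a method that names an authorization role must also require authentication), refuses to scaffold if any check fails, and then emits one route() line per entity and HTTP method in the shape of the DELETE example. The sample config is constructed from the issue text; the handler names findAll/save/update and the Python helper names are assumptions.</p>

```python
"""Added example, not AeroGear or Forge code: validate the proposed
security scaffolding config and emit AeroGear Controller route() lines.
Config keys follow the issue; helper and handler names are assumptions."""
import json

# Constructed sample config: the one proposed in the issue, as valid JSON
# ("security" is an object, "roleMap" is an object keyed by role).
SAMPLE_CONFIG = json.loads("""
{
  "security": {
    "createUsers": ["sebi", "abstractj"],
    "createRole": ["simple", "admin"],
    "roleMap": {"simple": ["abstractj", "sebi"], "admin": ["sebi"]},
    "generateLoginForm": true,
    "generateOTPPage": true,
    "entities": {
      "org.sebi.Task": {
        "GET":    {"authentification": false},
        "POST":   {"authentification": true, "authorization": "simple"},
        "PUT":    {"authentification": true, "authorization": "admin"},
        "DELETE": {"authentification": true, "authorization": "admin"}
      }
    }
  }
}
""")

HTTP_METHODS = ("GET", "POST", "PUT", "DELETE")
# Assumed controller handler per method; the issue only shows delete().
HANDLER = {"GET": "findAll", "POST": "save", "PUT": "update", "DELETE": "delete"}


def validate(config):
    """Return the list of problems found; an empty list means safe to scaffold from.

    A generator should refuse to run on any of these: a role or user that is
    referenced but never declared would silently produce a route nobody can
    reach (or a role nobody holds), and an authorization role on a method
    that does not require authentication is contradictory.
    """
    sec = config["security"]
    users = set(sec.get("createUsers", []))
    roles = set(sec.get("createRole", []))
    problems = []
    for role, members in sec.get("roleMap", {}).items():
        if role not in roles:
            problems.append(f"roleMap: undeclared role '{role}'")
        problems += [f"roleMap/{role}: undeclared user '{u}'" for u in members if u not in users]
    for entity, methods in sec.get("entities", {}).items():
        for method, rule in methods.items():
            if method not in HTTP_METHODS:
                problems.append(f"{entity}: unsupported HTTP method '{method}'")
            role = rule.get("authorization")
            if role is not None and role not in roles:
                problems.append(f"{entity}/{method}: undeclared role '{role}'")
            if role is not None and not rule.get("authentification", False):
                problems.append(f"{entity}/{method}: authorization without authentication")
    return problems


def entity_path(fqcn):
    """'org.sebi.Task' -> '/task', the path used in the issue's route example."""
    return "/" + fqcn.rsplit(".", 1)[-1].lower()


def generate_routes(config):
    """One route() line per entity and configured HTTP method, in the shape
    route().from("/task").roles("admin").on(RequestMethod.DELETE).to(Task.class).delete();
    A rule with no authorization role gets no .roles(); if it still requires
    authentication that is flagged in a trailing comment, since the issue
    shows no DSL form for authentication-only routes."""
    lines = []
    for fqcn, methods in config["security"]["entities"].items():
        simple = fqcn.rsplit(".", 1)[-1]
        for method in HTTP_METHODS:
            rule = methods.get(method)
            if rule is None:
                continue
            role = rule.get("authorization")
            roles = f'.roles("{role}")' if role is not None else ""
            line = (f'route().from("{entity_path(fqcn)}"){roles}'
                    f'.on(RequestMethod.{method}).to({simple}.class).{HANDLER[method]}();')
            if role is None and rule.get("authentification"):
                line += "  // requires an authenticated user, no role restriction"
            lines.append(line)
    return lines


def scaffold(config):
    """Fail closed: refuse to generate anything from a config with problems."""
    problems = validate(config)
    if problems:
        raise ValueError("; ".join(problems))
    return generate_routes(config)


if __name__ == "__main__":
    print("\n".join(scaffold(SAMPLE_CONFIG)))
```

<p style='margin-top:0;margin-bottom:10px;'>Running the module prints the four route lines for org.sebi.Task; feeding it a config that names an undeclared role or user, or that puts an authorization role on a method with "authentification": false, makes scaffold() raise instead of emitting a route that could not be enforced as intended.</p>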
</td>
</tr>
<tr valign="top">
<td style="color:#000000;font-family:Arial,FreeSans,Helvetica,sans-serif;font-size:12px;padding:0 10px 10px 0;white-space:nowrap;">
<strong style="font-weight:normal;color:#505050;">Project:</strong>
</td>
<td style="color:#000000;font-family:Arial,FreeSans,Helvetica,sans-serif;font-size:12px;padding:0 0 10px 0;width:100%;">
<a style="color:#326ca6;" href="https://issues.jboss.org/browse/AEROGEAR">AeroGear</a>
</td>
</tr> <tr valign="top">
<td style="color:#000000;font-family:Arial,FreeSans,Helvetica,sans-serif;font-size:12px;padding:0 10px 10px 0;white-space:nowrap;">
<strong style="font-weight:normal;color:#505050;">Priority:</strong>
</td>
<td style="color:#000000;font-family:Arial,FreeSans,Helvetica,sans-serif;font-size:12px;padding:0 0 10px 0;width:100%;">
<img src="https://issues.jboss.org/images/icons/priorities/major.png" height="16" width="16" border="0" align="absmiddle" alt="Major"> Major
</td>
</tr>
<tr valign="top">
<td style="color:#000000;font-family:Arial,FreeSans,Helvetica,sans-serif;font-size:12px;padding:0 10px 10px 0;white-space:nowrap;">
<strong style="font-weight:normal;color:#505050;">Reporter:</strong>
</td>
<td style="color:#000000;font-family:Arial,FreeSans,Helvetica,sans-serif;font-size:12px;padding:0 0 10px 0;width:100%;">
<a class="user-hover" rel="sebastienblanc" id="email_sebastienblanc" href="https://issues.jboss.org/secure/ViewProfile.jspa?name=sebastienblanc" style="color:#326ca6;">Sebastien Blanc</a>
</td>
</tr> <tr valign="top">
<td style="color:#000000;font-family:Arial,FreeSans,Helvetica,sans-serif;font-size:12px;padding:0 10px 10px 0;white-space:nowrap;">
<strong style="font-weight:normal;color:#505050;">Security Level:</strong>
</td>
<td style="color:#000000;font-family:Arial,FreeSans,Helvetica,sans-serif;font-size:12px;padding:0 0 10px 0;width:100%;">
Public (Everyone can see) </td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
</table>
</td><!-- End #email-page -->
</tr>
<tr valign="top">
<td style="color:#505050;font-family:Arial,FreeSans,Helvetica,sans-serif;font-size:10px;line-height:14px;padding: 0 16px 16px 16px;text-align:center;">
This message is automatically generated by JIRA.<br />
If you think it was sent incorrectly, please contact your JIRA administrators<br />
For more information on JIRA, see: <a style='color:#326ca6;' href='http://www.atlassian.com/software/jira'>http://www.atlassian.com/software/jira</a>
</td>
</tr>
</table><!-- End #email-wrap -->
</div><!-- End #email-body -->