[security-dev] DeltaSpike, IDM, Authentication and Authorization

Shane Bryzak sbryzak at redhat.com
Mon Jul 30 18:15:21 EDT 2012

On 31/07/12 04:40, Bruno Oliveira wrote:
> Hi, some few open questions inline.
> On Friday, July 27, 2012 at 1:35 PM, Pete Muir wrote:
>> Authentication
>> -------------------
> Which IDM domain model should I use, picketlink idm or DeltaSpike? I 
> might be wrong, but probably those entities belong to the IDM?
>> https://github.com/apache/incubator-deltaspike/blob/5e4a7eb4de01004206f24ae22b9850e643bffe54/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/Identity.java
>> This contains methods to log in, log out, get the current user, and 
>> check if a user is logged in or not. In order to log in/log out, a 
>> LoginCredential is provided:
> How do they fit together?
> -> 
> https://github.com/picketlink/picketlink-idm/blob/master/picketlink-idm-api/src/main/java/org/picketlink/idm/api/Credential.java
> -> 
> https://github.com/apache/incubator-deltaspike/blob/5e4a7eb4de01004206f24ae22b9850e643bffe54/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/credential/Credential.java
>> https://github.com/apache/incubator-deltaspike/blob/5e4a7eb4de01004206f24ae22b9850e643bffe54/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/credential/LoginCredential.java
>> We also have a very basic representation of a user, which contains 
>> some unique identifier for the user:
>> https://github.com/apache/incubator-deltaspike/blob/5e4a7eb4de01004206f24ae22b9850e643bffe54/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/User.java
>> This isn't useful on its own of course, but would plug into whatever 
>> IDM solution you happen to use. In our case PicketLink IDM.
> Why not make use of same entity model from PicketLink IDM? 
> https://github.com/picketlink/picketlink-idm/blob/master/picketlink-idm-api/src/main/java/org/picketlink/idm/api/User.java. 
> Or create some level of abstraction like that.
> How do I extend the User class to include a token and the email attribute?

All of this has been removed from DeltaSpike for now, and while the plan 
is to eventually add a simple authentication API (I'm not sure why we 
couldn't just use the one we already had) I don't think we can depend on 
this for now, so I'll be re-implementing all of it again in the 
PicketLink CDI module.


> - Bruno
