[security-dev] Undertow / IdentityManager and Digest Authentication
Anil Saldhana
asaldhan at redhat.com
Wed May 1 20:44:35 EDT 2013
Shane - you can add the API for this. But I would like to think about it further. I really do not like creds via IM interface.
On May 1, 2013, at 7:33 PM, Shane Bryzak <sbryzak at redhat.com> wrote:
> Bill, I'm going to concede defeat on this one, so congrats on a
> well-fought victory ;) The one saving grace with the IdentityManager is
> that in an EE environment it is actually wrapped by a
> SecuredIdentityManager, which allows for permission checks to be defined
> for every single IDM operation. With this in mind, it should be trivial
> to implement a permission check for credential retrieval that restricts
> it to only allow the reading of credentials for the currently
> authenticated user (or whatever other permission logic the developer wants).
>
> So, with that in mind I propose the following additional methods for
> IdentityManager:
>
>     <T extends CredentialStorage> T retrieveCurrentCredential(Agent agent, Class<T> storageClass);
>     <T extends CredentialStorage> List<T> retrieveCredentials(Agent agent, Class<T> storageClass);
>
> These will essentially delegate to the underlying CredentialStore, and
> if there is none (which will be the case in an LDAP-only configuration)
> you'll get an OperationNotSupportedException.
>
> Will this be sufficient for your requirements?
>
> Shane
> _______________________________________________
> security-dev mailing list
> security-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/security-dev
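
The permission check described in the quoted message (credential reads restricted to the currently authenticated user), as an added example that is not part of the thread or the project's code. All types here are hypothetical stand-ins that only borrow the names used in the thread; SelfOnlyCredentialReader, Ha1 and the sample agents are assumptions.

```java
import java.util.Objects;
// Hypothetical stand-ins for the types named in the thread; not the project's classes.
interface Agent { String getLoginName(); }
interface CredentialStorage {}
interface CredentialStore {
    <T extends CredentialStorage> T retrieveCurrentCredential(Agent agent, Class<T> storageClass);
}
class OperationNotSupportedException extends RuntimeException {
    OperationNotSupportedException(String msg) { super(msg); }
}
// Hypothetical wrapper: checks permission first, then delegates to the store.
final class SelfOnlyCredentialReader {
    private final CredentialStore store; // null models an LDAP-only configuration
    private final Agent caller;          // authenticated agent, assumed set by the container
    SelfOnlyCredentialReader(CredentialStore store, Agent caller) {
        this.store = store;
        this.caller = Objects.requireNonNull(caller, "no authenticated agent");
    }
    <T extends CredentialStorage> T retrieveCurrentCredential(Agent agent, Class<T> storageClass) {
        // Deny by default: an agent may read only its own stored credential.
        if (agent == null || !caller.getLoginName().equals(agent.getLoginName())) {
            throw new SecurityException("credential read denied");
        }
        if (store == null) {
            throw new OperationNotSupportedException("no CredentialStore configured");
        }
        return store.retrieveCurrentCredential(agent, storageClass);
    }
}

public class Demo {
    static final class Ha1 implements CredentialStorage {} // constructed sample credential type
    public static void main(String[] args) {
        Agent alice = () -> "alice"; // constructed sample agents
        Agent bob = () -> "bob";
        CredentialStore store = new CredentialStore() {
            public <T extends CredentialStorage> T retrieveCurrentCredential(Agent a, Class<T> c) {
                return c.cast(new Ha1());
            }
        };
        SelfOnlyCredentialReader reader = new SelfOnlyCredentialReader(store, alice);
        System.out.println("own read ok: " + (reader.retrieveCurrentCredential(alice, Ha1.class) != null));
        try {
            reader.retrieveCurrentCredential(bob, Ha1.class);
        } catch (SecurityException e) {
            System.out.println("other user's read: " + e.getMessage());
        }
    }
}
```

The permission check runs before the store lookup, so a denied caller learns nothing about whether a credential store is configured.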