[security-dev] Replacing Seam RunAsOperation (impersonate)
sflaniga at redhat.com
Mon Jul 13 01:31:36 EDT 2015
On 2015-07-10 22:27, Pedro Igor Silva wrote:
> Hey Sean,
> You are right, PL is missing that feature. It was planned but now the
> PL and KC are merging I'm not sure if we are going to implement it in
Ah yes, thanks for reminding me about the Keycloak merger. Sounds like
that might make it all moot. I don't suppose it has an impersonation
feature similar to the one in Seam?
> Regarding your question, there is no easy way to specify your own
> Identity implementation. However, I'm wondering if you can use a
> custom CDI scope for that. PicketLink allows you to define a specific
> scope for the Identity bean.
So, some sort of short-lived scope for Identity, plus login via a dummy
Authenticator? That might work, although it sounds more complex than
what I had in mind for modifying Identity.getAccount() to use a
ThreadLocal (ugly though it sounds).
But how does one configure the Identity bean's scope? I found slides 6
and 9 of http://www.slideshare.net/pigorcraveiro/jud-con-2014. Is there
a compiled example anywhere?
Would it be possible to change IdentityBeanDefinition to allow more
customisation, eg for getBeanClass()?
Also, is there some way I can disable PicketLinkExtension, so that I can
replace it with one which uses a modified IdentityBeanDefinition?
> Pedro Igor
> ----- Original Message -----
> From: "Sean Flanigan" <sflaniga at redhat.com>
> To: security-dev at lists.jboss.org
> Sent: Friday, July 10, 2015 5:37:51 AM
> Subject: [security-dev] Replacing Seam RunAsOperation (impersonate)
> I was hoping I had missed an impersonation feature, but now I'm
> thinking there isn't one in PicketLink. Assuming I have to subclass and
> @Specialize org.picketlink.internal.DefaultIdentity, how would I go
> about convincing PicketLink to use my implementation?
> org.picketlink.extension.PicketLinkExtension seems to be vetoing my
> implementation. Is there some way of telling (or overriding)
> IdentityBeanDefinition to use my Identity bean class?
>  https://developer.jboss.org/thread/260993
Principal Software Engineer
Globalisation Tools Engineering
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 213 bytes
Desc: OpenPGP digital signature
Url : http://lists.jboss.org/pipermail/security-dev/attachments/20150713/6aa3cb71/attachment.bin
More information about the security-dev