[undertow-dev] Configure authentication mechanisms

Stuart Douglas sdouglas at redhat.com
Wed Apr 24 18:41:59 EDT 2013



Anil Saldhana wrote:
> https://community.jboss.org/wiki/WildFlyWebContainerSecurityUseCases
>
> We use JBossWeb Valves/Authenticators in AS7/JBossWeb.
>
> Undertow currently just handles the standard mechanisms
> (gss,form,basic,client-cert,digest) via the LoginConfig construct.
> https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io/undertow/Undertow.java

Yes, that API is pretty limited at the moment. In general that Undertow 
API is subject to change, it is basically my first attempt and when I 
have some time I want to refine it to make it more useful.

>
> I am wondering if it is possible to update the builder API to change to
> overridden implementations of the mechanisms for example: FORM.  In my
> case, the SAMLAuthenticationMechanism would be a subclass of
> FormAuthenticationMechanism.

This should be possible. We will also need something similar in the 
servlet builder API.

Stuart

>
> I think Bill Burke has a similar use case where he would like to inject
> an OAuth driven Auth Mechanism.
>
> I guess as a start the builder api should be updated.  Not sure how it
> should look.



>
>
> On 04/24/2013 04:04 PM, Stuart Douglas wrote:
>> If you are configuring Undertow programmatically you need to add a
>> io.undertow.security.handlers.AuthenticationMechanismsHandler to the
>> handler chain that has your authentication mechanism.
>>
>> Unfortunately we don't have a way of hooking this up into the WildFly
>> config yet, although it will not be a very big job. Regarding config
>> options for AS7 there are a few possibilities:
>>
>> 1) Allow the user to specify the class name and module in JBoss Web to
>> configure per app, and same in standalone.xml for global authenticators.
>>
>> 2) Introduce a servlet loader based mechanism to allow mechanisms to be
>> loaded and associated with a simple name. This name could then be
>> specified in the web.xml login config. In the subsystem you could list
>> all the modules that you want to load authentication mechanisms from.
>> This has the advantage that internal class names do not leak out into
>> config.
>>
>> 3) Some other way??
>>
>> I am leaning towards option 2. I think it should be possible to get this
>> integrated into the next Undertow release early next week.
>>
>> Stuart
>>
>> Anil Saldhana wrote:
>>> Hi,
>>>       I am trying to figure out how to set up the authentication mechanisms
>>> in undertow. If I write an authentication mechanism involving saml, how
>>> do I make the web apps use that mechanism?
>>>
>>> Any links to test cases?
>>>
>>> Regards,
>>> Anil


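
The programmatic wiring described in the thread (a custom mechanism handed to `AuthenticationMechanismsHandler` in the handler chain), as an added example that is not from the thread or from the Undertow project. It is written against the security API of later Undertow 1.x/2.x releases, which may differ from the April 2013 code the thread calls subject to change. Assumptions: `TokenSecurity`, `TokenMechanism`, the `X-Auth-Token` header and the `TOKEN` name are hypothetical, and the caller supplies the `IdentityManager` and the application handler.

```java
import io.undertow.security.api.AuthenticationMechanism;
import io.undertow.security.api.AuthenticationMode;
import io.undertow.security.api.SecurityContext;
import io.undertow.security.handlers.*;
import io.undertow.security.idm.Account;
import io.undertow.security.idm.IdentityManager;
import io.undertow.security.idm.PasswordCredential;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import io.undertow.util.StatusCodes;
import java.util.Collections;
import java.util.List;

public final class TokenSecurity {
    // Hypothetical custom mechanism: authenticates an opaque token sent in a header.
    static final class TokenMechanism implements AuthenticationMechanism {
        static final String NAME = "TOKEN";           // assumed mechanism name
        static final String HEADER = "X-Auth-Token";  // assumed header name
        private final IdentityManager idm;
        TokenMechanism(IdentityManager idm) { this.idm = idm; }

        @Override
        public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, SecurityContext sc) {
            String token = exchange.getRequestHeaders().getFirst(HEADER);
            if (token == null || token.isEmpty()) {
                // No credential presented: let any other configured mechanism try.
                return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
            }
            // The token is carried in a PasswordCredential only to reuse an existing type.
            Account account = idm.verify(new PasswordCredential(token.toCharArray()));
            if (account == null) {
                // A credential was presented and rejected: fail closed.
                sc.authenticationFailed("token rejected", NAME);
                return AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
            }
            sc.authenticationComplete(account, NAME, false); // false: do not cache in a session
            return AuthenticationMechanismOutcome.AUTHENTICATED;
        }

        @Override
        public ChallengeResult sendChallenge(HttpServerExchange exchange, SecurityContext sc) {
            return new ChallengeResult(true, StatusCodes.UNAUTHORIZED);
        }
    }

    // Wraps the application handler; handlers are built innermost first.
    static HttpHandler secure(HttpHandler app, IdentityManager idm) {
        HttpHandler h = new AuthenticationCallHandler(app);   // runs the mechanisms
        h = new AuthenticationConstraintHandler(h);           // requires authentication for every request
        List<AuthenticationMechanism> mechs = Collections.<AuthenticationMechanism>singletonList(new TokenMechanism(idm));
        h = new AuthenticationMechanismsHandler(h, mechs);    // registers the custom mechanism
        return new SecurityInitialHandler(AuthenticationMode.PRO_ACTIVE, idm, h);
    }
}
```

The distinction between `NOT_ATTEMPTED` and `NOT_AUTHENTICATED` matters when several mechanisms are registered: the first lets the next mechanism run, the second records a failed attempt for the presented credential.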