[undertow-dev] Authentication Mechanism Configuration

Stuart Douglas sdouglas at redhat.com
Mon Dec 2 04:28:58 EST 2013


So I have gone ahead with this. 

Basically DeploymentInfo now contains a map of name -> AuthenticationMechanismFactory, and the LoginConfig class now has a list of AuthMethodConfig structures, which are basically just a name and a properties map.

WildFly will be set up to parse comma separated auth methods with properties specified via a query-string-like syntax, e.g.:

BASIC?silent=true,FORM?error_page=error/page/override.html&post_location=/custom_location

So basically something like oauth can simply register a factory under the name OAUTH (or maybe com.keycloak.OAUTH to prevent clashes), and then rely on the user specifying that they want to use it in web.xml. 

If you want to register additional handlers etc. then your extension should simply iterate over the auth mechanisms list, and if your mechanism's name is mentioned then install your handlers. If you want to completely ignore what is in web.xml you can just clear the auth methods list and add your own method.

As a result of this I have got rid of the additional authentication mechanisms list, and the ignore standard methods flag, as they should no longer be necessary. Unfortunately this is causing problems for the JASPI integration, so I am probably going to add a special hook for JASPI.

Stuart
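
The auth-method string format described in the message above, parsed in an added example that is not part of the original post and is not Undertow or WildFly code. `AuthMethodParser` and `AuthMethodSpec` are hypothetical names, the registered-name set is constructed sample data, and the sketch assumes Java 16+ (records), no URL-decoding, and no commas inside property values.

```java
import java.util.*;

// Hypothetical illustration only; not the parser WildFly ships.
public class AuthMethodParser {
    // Mirrors the "name plus properties map" shape described in the message.
    record AuthMethodSpec(String name, Map<String, String> properties) {}

    // Parses "NAME?key=value&key=value,NAME2..." into an ordered list.
    // List order follows the configured order, since the thread treats
    // ordering between mechanisms as significant.
    static List<AuthMethodSpec> parse(String authMethod, Set<String> registered) {
        List<AuthMethodSpec> result = new ArrayList<>();
        for (String part : authMethod.split(",")) {
            String[] nameAndQuery = part.trim().split("\\?", 2);
            String name = nameAndQuery[0];
            if (name.isEmpty()) {
                throw new IllegalArgumentException("Empty mechanism name in: " + authMethod);
            }
            // Fail closed: a misspelled or unregistered name aborts deployment
            // instead of being dropped, which would change which mechanisms run.
            if (!registered.contains(name)) {
                throw new IllegalArgumentException("No factory registered for: " + name);
            }
            Map<String, String> props = new LinkedHashMap<>();
            if (nameAndQuery.length == 2 && !nameAndQuery[1].isEmpty()) {
                for (String pair : nameAndQuery[1].split("&")) {
                    String[] kv = pair.split("=", 2);
                    String value = kv.length == 2 ? kv[1] : "";
                    // Reject empty keys and duplicates rather than letting
                    // the last value silently win.
                    if (kv[0].isEmpty() || props.putIfAbsent(kv[0], value) != null) {
                        throw new IllegalArgumentException("Bad or duplicate property in: " + part);
                    }
                }
            }
            result.add(new AuthMethodSpec(name, Collections.unmodifiableMap(props)));
        }
        return result;
    }

    public static void main(String[] args) {
        // Constructed sample: names that factories were registered under.
        Set<String> registered = Set.of("BASIC", "FORM", "com.keycloak.OAUTH");
        String cfg = "BASIC?silent=true,"
                + "FORM?error_page=error/page/override.html&post_location=/custom_location";
        parse(cfg, registered).forEach(System.out::println);
        try {
            parse("BASIC,DIGSET", registered); // constructed typo in a mechanism name
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```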

----- Original Message -----
> From: "Stuart Douglas" <sdouglas at redhat.com>
> To: "Darran Lofthouse" <darran.lofthouse at jboss.com>
> Cc: undertow-dev at lists.jboss.org
> Sent: Wednesday, 27 November, 2013 8:52:20 PM
> Subject: Re: [undertow-dev] Authentication Mechanism Configuration
> 
> Yes, that was another reason why I think the extensions should just register
> a name, otherwise ordering between mechanisms would just be a mess.
> 
> Stuart
> 
> ----- Original Message -----
> > From: "Darran Lofthouse" <darran.lofthouse at jboss.com>
> > To: "Stuart Douglas" <sdouglas at redhat.com>, "Darran Lofthouse"
> > <darran.lofthouse at jboss.com>
> > Cc: "Bill Burke" <bburke at redhat.com>, undertow-dev at lists.jboss.org
> > Sent: Wednesday, 27 November, 2013 6:38:45 PM
> > Subject: Re: [undertow-dev] Authentication Mechanism Configuration
> > 
> > On 27/11/13 17:34, Stuart Douglas wrote:
> > >>
> > >> One feature within JBoss Web was that at deployment time if an
> > >> authentication mechanism is already set on a web app the default
> > >> mechanism handling was skipped - we may also want to consider this to
> > >> allow deployers within WildFly to take over this handling.
> > >
> > > Not sure exactly what you mean here, an extension can remove other
> > > mechanisms if it desires.
> > 
> > What I mean here is making sure we don't have mechanisms being added
> > from multiple locations - but maybe if the deployers are just setting
> > names and factories and Undertow calls the factories that double
> > processing of methods would not occur.
> > 