[undertow-dev] modeling the handler Factory interface

Bill Burke bburke at redhat.com
Tue May 14 15:42:15 EDT 2013 

Not sure what "custom auth scheme" means yet, but my implementation 
includes the following:

* a way to define an oauth provider
* a way to use oauth as an SSO mechanism (an oauth consumer)
* traditional oauth thirdparty auth
* bearer token auth
* bearer token grants
* a few management URIs for distributed log-out

I'm also not exactly sure what a "handler" is supposed to be yet, but 
based on the above, there's a number of URI endpoints that need to be 
added and supported automatically.

I'm currently bogged down trying to pass the jaxrs2 tck.  My next task 
is to try and port my oauth stuff, at least as a prototype, to help 
flush out the security APIs or at least to be an additional guinea pig.



On 5/14/2013 3:29 PM, Anil Saldhana wrote:
> Bill,
>     have you tried plugging in a custom authentication scheme?  I am not
> sure you need your own handler.  If you look at it, for OAuth bearer
> token, you just need OAuthAuthenticationScheme that pulls in the bearer
> token from the header. You can certainly use http redirect to a OAuth
> provider (to get some token).
>
> Regards,
> Anil
>
> On 05/14/2013 06:55 AM, Bill Burke wrote:
>> Take a look at Feature, DynamicFeature, and Configurable for JAX-RS 2.0
>>
>> https://github.com/resteasy/Resteasy/blob/master/jaxrs/jaxrs-api/src/main/java/javax/ws/rs/core/Feature.java
>>
>> https://github.com/resteasy/Resteasy/blob/master/jaxrs/jaxrs-api/src/main/java/javax/ws/rs/core/Configurable.java
>>
>> https://github.com/resteasy/Resteasy/blob/master/jaxrs/jaxrs-api/src/main/java/javax/ws/rs/container/DynamicFeature.java
>>
>>
>> Feature is your factory concept.  Its passed a Configurable that allows
>> you to look up config properties and register components.
>> DynamicFeature allows you to bind per-endpoint.
>>
>> Might want to check out the filter model as well.  Resteasy made use of
>> the JAX-RS filter model in a variety of use cases in both sync and async
>> environments.  The model was also vetted by other vendors.  Might be
>> something to check out to see if Undertow handler's missed anything.
>> When I get a chance to port my OAuth stuff I'll have more suggestions
>> for your handler API, maybe.
>>
>
> _______________________________________________
> undertow-dev mailing list
> undertow-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/undertow-dev
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

More information about the undertow-dev mailing list