[undertow-dev] Principal mapping after authentication

Stuart Douglas sdouglas at redhat.com
Wed Sep 4 03:34:23 EDT 2013


At the moment we don't have the ability to do this, but we could potentially add it. 

It does get a bit tricky, however. Say we just expand the SecurityNotification mechanism to allow you to wrap the account after login. This would work from Undertow's perspective; however, it is likely that there is other code that expects the account to be of a certain type, that will now fail because of the wrapper.

We would also have to look carefully at how this would work with the JAASIdentityManagerImpl in the WildFly code base, as it appears that we will be stuck with that for a while yet. To make this work properly with the rest of WildFly we would probably actually need to implement this inside the JAAS IDM itself, to make sure the Picketbox SecurityContext is set up correctly.

Stuart

----- Original Message -----
> From: "Anil Saldhana" <Anil.Saldhana at redhat.com>
> To: undertow-dev at lists.jboss.org
> Sent: Tuesday, 3 September, 2013 4:58:25 PM
> Subject: [undertow-dev] Principal mapping after authentication
> 
> Hi All,
>    one of the challenges we had with JBossWeb was principal mapping
> after authentication.  It was hard as hell to do that. I wished for a
> mechanism where the authentication call would have a post authentication
> callback to see if the original principal has been mapped to something
> else.  This is a use case seen in integration with third party security
> systems including commercial vendors.
> 
> I have not dug into Undertow security codebase to see if this is
> possible yet but I wanted to put this to the dev list so that we can
> discuss it.
> 
> Regards,
> Anil
> _______________________________________________
> undertow-dev mailing list
> undertow-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/undertow-dev
> 
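
The type-expectation problem raised in the reply above, as an added Java example that is not part of the original thread and is not Undertow or WildFly code. The `Account` interface is a local stand-in shaped like Undertow's `io.undertow.security.idm.Account`; `DirectoryAccount`, `MappedAccount` and `tenantOf` are hypothetical names, and the sample values are constructed.

```java
import java.security.Principal;
import java.util.Set;

public class PrincipalMappingDemo {
    // Local stand-in for the account abstraction, so this compiles without Undertow.
    interface Account {
        Principal getPrincipal();
        Set<String> getRoles();
    }

    // Hypothetical identity-manager account type that carries extra state.
    static final class DirectoryAccount implements Account {
        private final String login, tenant;
        DirectoryAccount(String login, String tenant) { this.login = login; this.tenant = tenant; }
        public Principal getPrincipal() { return () -> login; }
        public Set<String> getRoles() { return Set.of("user"); }
        String getTenant() { return tenant; }
    }

    // Hypothetical post-login wrapper: replaces the principal, delegates the roles.
    static final class MappedAccount implements Account {
        private final Account delegate;
        private final Principal mapped;
        MappedAccount(Account delegate, String name) { this.delegate = delegate; this.mapped = () -> name; }
        public Principal getPrincipal() { return mapped; }
        public Set<String> getRoles() { return delegate.getRoles(); }
    }

    // Downstream code that assumes the concrete account type and fails closed otherwise.
    static String tenantOf(Account account) {
        if (account instanceof DirectoryAccount) {
            return ((DirectoryAccount) account).getTenant();
        }
        throw new IllegalStateException("unexpected account type: " + account.getClass().getSimpleName());
    }

    public static void main(String[] args) {
        Account original = new DirectoryAccount("jdoe", "acme");    // constructed sample values
        Account wrapped = new MappedAccount(original, "EXT-00042"); // principal mapped after login
        System.out.println("mapped principal: " + wrapped.getPrincipal().getName());
        System.out.println("tenant before wrapping: " + tenantOf(original));
        try {
            tenantOf(wrapped); // same user, but the type check no longer matches
        } catch (IllegalStateException e) {
            System.out.println("after wrapping: " + e.getMessage());
        }
    }
}
```

The roles still flow through the wrapper, so authorization checks that use only the interface keep working; only code that downcasts to the concrete type breaks.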

