[undertow-dev] CAS / OAuth / OpenID / HTTP / SAML client protocol support?

Michaël REMOND michaelremond at gmail.com
Tue May 27 14:02:01 EDT 2014 

Hello dear Community,

I made a first draft of what could be a pac4j binding for Undertow. You can
find our standard demo application here
https://github.com/pac4j/undertow-pac4j-demo. You can test several
different authentication providers (facebook, twitter, form, CAS, SAML...).

I'd like to share some implementation details with you:
 - I implemented a new AuthenticationMechanism delegating the
authentication to a pac4j client; so this mechanism is rather "generic" in
regards to what you got in undertow (one for basic auth, one for form...)
 - pac4j needs a session mechanism so I used the Undertow SessionManager to
store some attributes but also the User Profile once the user is
successfully authenticated
 - pac4j also needs a callback url to finish the authentication process so
I developped a dedicated handler
 - finally I used the EagerFormParsingHandler to grab the required POSTed
data

To conclude I have to say I really appreciated the maturity of the
framework because it was pretty straightforward to play with all the
concepts and the ability to change from the IO thread to the dispatcher is
really powerfull.

Jérôme and I are really interrested to get your feedback on this work. Does
this binding makes sense to you? How can we improve this work to fit
perfectly in Undertow and how can we extract a viable library from the demo?

Thank you for your help,

Regards,
Michaël



2014-05-13 15:01 GMT+02:00 Stuart Douglas <sdouglas at redhat.com>:

> This does sound pretty cool. I would start by looking at the existing
> authenticator implementations and the security docs at
>
> http://undertow.io/documentation/core/security.html
>
> Stuart
>
> Michaël REMOND wrote:
>
>> Hi,
>>
>> I currently contribute to a Java library from Jerome Leleu, able to
>> protect applications and delegate authentications to various identity
>> providers. It currently supports 5 different protocols: CAS, OAuth,
>> OpenID, HTTP and SAML and 18 identity providers (Facebook, Twitter,
>> Google, Yahoo...) through a very simple and unified API accross
>> protocols/JVM frameworks: https://github.com/leleuj/pac4j.
>>
>> The pac4j librairies are used in various JVM frameworks with the
>> appropriate implementations: Spring Security, Shiro, CAS, J2E and Play.
>> Although the core pac4j librairies gathers "a lot of" code (300 classes,
>> 26000 lines of source code), the implementations to specific JVM
>> frameworks are pretty straigtforward: from 4 classes for Spring Security
>> to 11 classes for Play Framework 2.x.
>>
>> We are currently targeting new plateforms and especially async one; we
>> got an implementation from ratpack (http://www.ratpack.io/) and we
>> discussed also with the guys from vert.x. They gave us some ideas in
>> order to improve our library by becoming more "reactive".
>>
>> I think that pac4j could be helpful for the Undertow community too by
>> bringing client multi-protocols support.
>>
>> I looked at the security model from Undertow and I start to think about
>> a possible integration by developing a "Pac4jAuthenticationMechanism".
>>
>> What do you think about such development? Are you interested in a demo
>> app showing how this could work? Do you have suggestions?
>>
>> Thanks.
>> Best regards,
>> Michael Remond
>>
>> _______________________________________________
>> undertow-dev mailing list
>> undertow-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/undertow-dev
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/undertow-dev/attachments/20140527/35082894/attachment.html

More information about the undertow-dev mailing list