[undertow-dev] Authentication layer in Undertow + Resteasy
arjan tijms
arjan.tijms at gmail.com
Mon Jan 5 13:28:20 EST 2015
Hi,
On Sunday, January 4, 2015, Antoine Girard <antoine at team51.nl> wrote:
> I had a little try with adding a ServletExtension into the deployment,
> with a custom AuthenticationMechanism, but I couldn't achieve what is
> described above, as it is really jax-rs specific.
>
> I haven't seen a lot of people on the internet doing what I have described
> above... that's why I am not that confident! I am indeed bypassing all the
> security layer already available in Undertow. I feel I am missing the
> elephant in the room...
>
Maybe the name of that elephant is JASPIC ;)
Take a look at
http://arjan-tijms.omnifaces.org/2014/11/header-based-stateless-token.html
It's an authentication module that integrates fully with container
security, and can be registered either from within the app (as the sample
in the link above demonstrates) or more traditionally at the container
level.
Undertow has really good support for JASPIC and the default stateless mode
makes it ideal to be used with JAX-RS.
Kind regards,
Arjan Tijms
>
> What do you think about that approach?
>
> Thank you all in advance.
>
> Best regards,
> Antoine
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/undertow-dev/attachments/20150105/85ecb586/attachment.html
More information about the undertow-dev
mailing list