<div dir="ltr">Hi,<div><br></div><div>Thanks for the feedback. I'm sure this static configuration can be improved.</div><div><br></div><div>Being integrated into the core project or not is really a matter of the Undertow community: on one hand, pac4j is an official module for Shiro, CAS and Ratpack, on the other hand, it's a separate project for Vertx, J2E, Spring Security and Play. It's up to you.</div><div><br></div><div>Once again, I'd like to publicly thank Michaël for his great work on Undertow and on SAML as well.</div><div><br></div><div>Thanks.</div><div>Best regards,</div><div><br></div><div><br></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr">Jérôme LELEU<div>Founder of CAS in the cloud: <a href="http://www.casinthecloud.com" target="_blank">www.casinthecloud.com</a> | Twitter: @leleuj</div><div>Chairman of CAS: <a href="http://www.jasig.org/cas" target="_blank">www.jasig.org/cas</a> | Creator of pac4j: <a href="http://www.pac4j.org" target="_blank">www.pac4j.org</a></div></div></div></div>
<br><div class="gmail_quote">2014-10-30 1:04 GMT+01:00 Stuart Douglas <span dir="ltr"><<a href="mailto:sdouglas@redhat.com" target="_blank">sdouglas@redhat.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
<br>
----- Original Message -----<br>
> From: "Michaël REMOND" <<a href="mailto:michaelremond@gmail.com">michaelremond@gmail.com</a>><br>
> To: "Stuart Douglas" <<a href="mailto:sdouglas@redhat.com">sdouglas@redhat.com</a>><br>
> Cc: <a href="mailto:undertow-dev@lists.jboss.org">undertow-dev@lists.jboss.org</a>, "Jérôme LELEU" <<a href="mailto:leleuj@gmail.com">leleuj@gmail.com</a>><br>
> Sent: Wednesday, 29 October, 2014 8:28:53 PM<br>
> Subject: Re: [undertow-dev] CAS / OAuth / OpenID / HTTP / SAML client protocol support?<br>
><br>
> Hello,<br>
><br>
> I make a follow-up on this thread as I received no feedback on my pac4j<br>
> binding proposal.<br>
<br>
Sorry, I mean't to look at this but it slipped through the cracks.<br>
<br>
><br>
> Are you interested in this authentication library? Can we improve its<br>
> design?<br>
<br>
I had a quick look through the code and for the most part it looks good. One thing that I would suggest changing is removing the static configuration, as it does not generally work very well in an application server environment where multiple deployments would be using it.<br>
<br>
I don't think something like this really belongs in Undertow core though. Maybe I should add a related projects section to the <a href="http://undertow.io" target="_blank">undertow.io</a> site and link it there?<br>
<br>
Stuart<br>
<br>
><br>
> Thank you for your help<br>
><br>
> Regards,<br>
> Michaël<br>
><br>
> 2014-05-27 20:02 GMT+02:00 Michaël REMOND <<a href="mailto:michaelremond@gmail.com">michaelremond@gmail.com</a>>:<br>
><br>
> > Hello dear Community,<br>
> ><br>
> > I made a first draft of what could be a pac4j binding for Undertow. You<br>
> > can find our standard demo application here<br>
> > <a href="https://github.com/pac4j/undertow-pac4j-demo" target="_blank">https://github.com/pac4j/undertow-pac4j-demo</a>. You can test several<br>
> > different authentication providers (facebook, twitter, form, CAS, SAML...).<br>
> ><br>
> > I'd like to share some implementation details with you:<br>
> > - I implemented a new AuthenticationMechanism delegating the<br>
> > authentication to a pac4j client; so this mechanism is rather "generic" in<br>
> > regards to what you got in undertow (one for basic auth, one for form...)<br>
> > - pac4j needs a session mechanism so I used the Undertow SessionManager<br>
> > to store some attributes but also the User Profile once the user is<br>
> > successfully authenticated<br>
> > - pac4j also needs a callback url to finish the authentication process so<br>
> > I developped a dedicated handler<br>
> > - finally I used the EagerFormParsingHandler to grab the required POSTed<br>
> > data<br>
> ><br>
> > To conclude I have to say I really appreciated the maturity of the<br>
> > framework because it was pretty straightforward to play with all the<br>
> > concepts and the ability to change from the IO thread to the dispatcher is<br>
> > really powerfull.<br>
> ><br>
> > Jérôme and I are really interrested to get your feedback on this work.<br>
> > Does this binding makes sense to you? How can we improve this work to fit<br>
> > perfectly in Undertow and how can we extract a viable library from the<br>
> > demo?<br>
> ><br>
> > Thank you for your help,<br>
> ><br>
> > Regards,<br>
> > Michaël<br>
> ><br>
> ><br>
> ><br>
> > 2014-05-13 15:01 GMT+02:00 Stuart Douglas <<a href="mailto:sdouglas@redhat.com">sdouglas@redhat.com</a>>:<br>
> ><br>
> >> This does sound pretty cool. I would start by looking at the existing<br>
> >> authenticator implementations and the security docs at<br>
> >><br>
> >> <a href="http://undertow.io/documentation/core/security.html" target="_blank">http://undertow.io/documentation/core/security.html</a><br>
> >><br>
> >> Stuart<br>
> >><br>
> >> Michaël REMOND wrote:<br>
> >><br>
> >>> Hi,<br>
> >>><br>
> >>> I currently contribute to a Java library from Jerome Leleu, able to<br>
> >>> protect applications and delegate authentications to various identity<br>
> >>> providers. It currently supports 5 different protocols: CAS, OAuth,<br>
> >>> OpenID, HTTP and SAML and 18 identity providers (Facebook, Twitter,<br>
> >>> Google, Yahoo...) through a very simple and unified API accross<br>
> >>> protocols/JVM frameworks: <a href="https://github.com/leleuj/pac4j" target="_blank">https://github.com/leleuj/pac4j</a>.<br>
> >>><br>
> >>> The pac4j librairies are used in various JVM frameworks with the<br>
> >>> appropriate implementations: Spring Security, Shiro, CAS, J2E and Play.<br>
> >>> Although the core pac4j librairies gathers "a lot of" code (300 classes,<br>
> >>> 26000 lines of source code), the implementations to specific JVM<br>
> >>> frameworks are pretty straigtforward: from 4 classes for Spring Security<br>
> >>> to 11 classes for Play Framework 2.x.<br>
> >>><br>
> >>> We are currently targeting new plateforms and especially async one; we<br>
> >>> got an implementation from ratpack (<a href="http://www.ratpack.io/" target="_blank">http://www.ratpack.io/</a>) and we<br>
> >>> discussed also with the guys from vert.x. They gave us some ideas in<br>
> >>> order to improve our library by becoming more "reactive".<br>
> >>><br>
> >>> I think that pac4j could be helpful for the Undertow community too by<br>
> >>> bringing client multi-protocols support.<br>
> >>><br>
> >>> I looked at the security model from Undertow and I start to think about<br>
> >>> a possible integration by developing a "Pac4jAuthenticationMechanism".<br>
> >>><br>
> >>> What do you think about such development? Are you interested in a demo<br>
> >>> app showing how this could work? Do you have suggestions?<br>
> >>><br>
> >>> Thanks.<br>
> >>> Best regards,<br>
> >>> Michael Remond<br>
> >>><br>
> >>> _______________________________________________<br>
> >>> undertow-dev mailing list<br>
> >>> <a href="mailto:undertow-dev@lists.jboss.org">undertow-dev@lists.jboss.org</a><br>
> >>> <a href="https://lists.jboss.org/mailman/listinfo/undertow-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/undertow-dev</a><br>
> >>><br>
> >><br>
> ><br>
><br>
</blockquote></div><br></div></div>