Hi,<br><br>On Sunday, January 4, 2015, Antoine Girard <<a href="mailto:antoine@team51.nl">antoine@team51.nl</a>> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>I had a little try with adding a ServletExtension into the deployment, with a custom AuthenticationMechanism, but I couldn't achieve what is described above, as it is really jax-rs specific.</div><div><div><br></div><div>I haven't seen a lot of people on the internet doing what I have described above... that's why I am not that confident! I am indeed bypassing all the security layer already available in Undertow. I feel I am missing the elephant in the room...</div></div></div></blockquote><div><br></div><div>Maybe the name of that elephant is JASPIC ;)</div><div><br></div><div>Take a look at <a href="http://arjan-tijms.omnifaces.org/2014/11/header-based-stateless-token.html">http://arjan-tijms.omnifaces.org/2014/11/header-based-stateless-token.html</a></div><div><br></div><div>It's an authentication module that integrates fully with container security, and can be registered either from within the app (as the sample in the link above demonstrates) or more traditionally at the container level.</div><div><br></div><div>Undertow has really good support for JASPIC and the default stateless mode makes it ideal to be used with JAX-RS.</div><div><br></div><div>Kind regards,</div><div>Arjan Tijms</div><div><br></div><div><br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><br></div><div>What do you think about that approach?</div><div><br></div><div>Thank you all in advance.</div><div><br></div><div>Best regards,</div><div>Antoine</div>
</div></div>
</blockquote>