<div dir="ltr">Hey Stuart,<div><br></div><div>Thanks for the reply. We're using Cassandra so we have a good, async data store and would love to be able to take advantage of it. I'll have to look at the existing security stuff to see if it's easier to just implement as standard handlers or to mix-and-match as you suggest. I would like to be able to use some of the existing AuthenticationMechanism code rather than re-implement, but I think I can actually write a small wrapper that lets me call them from a regular handler rather than the other way around.</div><div><br></div><div>Thanks,</div><div>Oliver</div></div><br><div class="gmail_quote"><div dir="ltr">On Tue, Jul 5, 2016 at 3:56 PM Stuart Douglas <<a href="mailto:sdouglas@redhat.com">sdouglas@redhat.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">The issue with a database is that there is basically no way to do an<br>
async lookup with JDBC. It is possible the DB might provide async<br>
drivers that you can use.<br>
<br>
The main reason why the IdentityManager uses a blocking API is because<br>
the vast majority of java implementations will be blocking (databases,<br>
ldap etc), although we may look at doing a non blocking version at<br>
some point in the future.<br>
<br>
There is actually nothing really 'special' about SecurityContext,<br>
IdentityManager etc, its just that the existing security handlers (and<br>
most importantly Servlet security) are implemented in terms of this.<br>
Depending on your requirements you can replace part or all of this.<br>
For example you could use a handler earlier in the chain to verify the<br>
user via a non blocking DB lookup, then just call<br>
SecurityContext.authenticationComplete() to set the current user if<br>
you want to use the existing security handlers.<br>
<br>
Stuart<br>
<br>
On Tue, Jul 5, 2016 at 10:29 AM, Oliver Dain <<a href="mailto:oliver@analyticspot.com" target="_blank">oliver@analyticspot.com</a>> wrote:<br>
> The docs for security<br>
> (<a href="http://undertow.io/undertow-docs/undertow-docs-1.3.0/index.html#security" rel="noreferrer" target="_blank">http://undertow.io/undertow-docs/undertow-docs-1.3.0/index.html#security</a>)<br>
> say:<br>
><br>
>> Security within Undertow is implemented as a set of asynchronous handlers<br>
>> and a set of authentication mechanisms co-ordinated by these handlers.<br>
><br>
> However, it appears that the IdentityManager and AuthenticationMechanism<br>
> APIs are synchronous. For example, suppose I want to do simple<br>
> username/password authentication using FormAuthenticationMechanism. That<br>
> will use the IdentityManager on the SecurityContext to determine if the<br>
> username/password is valid. For me that would require a database lookup and<br>
> I'd like to do that asynchronously. However, the IdentityManager.verify API<br>
> requires an immediate response so I have to do a block database lookup.<br>
> Since I've been super careful to do everything in all my handlers async and<br>
> have exactly 1 thread per core this seems like a significant stumbling<br>
> block.<br>
><br>
> 2 questions:<br>
><br>
> 1. Is there a way to do something like I'm describing in an async manner?<br>
> 2. Why is security "special" using a SecurityContext, different APIs, etc.<br>
> Couldn't it all have been implemented in terms of regular HttpHandler? That<br>
> would make it the API smaller and make it possible to do async<br>
> authentication.<br>
><br>
> Thanks,<br>
> Oliver<br>
> --<br>
> CTO, Analytic Spot<br>
> 44 West Broadway #222<br>
> Eugene, OR 97401<br>
> <a href="http://analyticspot.com" rel="noreferrer" target="_blank">analyticspot.com</a> • 425-296-6556<br>
> <a href="http://www.linkedin.com/in/oliverdain" rel="noreferrer" target="_blank">www.linkedin.com/in/oliverdain</a><br>
><br>
> _______________________________________________<br>
> undertow-dev mailing list<br>
> <a href="mailto:undertow-dev@lists.jboss.org" target="_blank">undertow-dev@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/undertow-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/undertow-dev</a><br>
</blockquote></div><div dir="ltr">-- <br></div><div data-smartmail="gmail_signature"><div dir="ltr"><div style="font-size:small"><div style="font-size:13px;line-height:19.5px">CTO, Analytic Spot</div><div style="font-size:13px;line-height:19.5px">44 West Broadway #222</div><div style="font-size:13px;line-height:19.5px">Eugene, OR 97401<br></div><div style="font-size:13px;line-height:19.5px"><a href="http://analyticspot.com/" style="z-index: 0;">analyticspot.com</a> <span style="color:rgb(127,127,127);font-family:'helvetica neue';font-size:11px;line-height:normal">• </span>425-296-6556</div></div><div style="font-size:small"><span style="line-height:19.5px"><a href="http://www.linkedin.com/in/oliverdain" style="z-index: 0;">www.linkedin.com/in/oliverdain</a></span></div></div></div>