On 09/12/2012 05:40 PM, Bill Burke wrote:
I've written a very small library that allows you to fully delegate
authentication to a security domain/login module. I implemented this to
support integration with a RESTful token service (Openstack Keystone).
https://github.com/resteasy/Resteasy/tree/master/jaxrs/security/skeleton-...
AFAICT, you pretty much have to go through the Realm/Security domain
execution path if you want principals and roles set up correctly to work
with EE security. So doing all protocol work in the Valve just wasn't
gonna cut it. This small library tunnels the catalina Request object (so
you can access info not in HttpServletRequest) as well as a
HttpServletResponse via a ThreadLocal. That's about it.
What I'd also like to do is write a web metadata processor that allowed
you to set the auth-method in web.xml to something like:
<login-config>
<auth-method>Security Domain</auth-method>
<realm-name>java://jaas/myDomain</realm-name>
</login-config>
Remove the java:/jaas prefix. Just keep the domain name.
And it would automatically set up the correct valve and security domain
so you wouldn't have to create a jboss-web.xml. If there is interest
I'll add this and submit a pull request to AS7. Otherwise, I'll just
keep doing what I'm doing.
This should help usability.
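
Added example, not part of the original thread and not the Resteasy library's code: a sketch of the ThreadLocal tunnel described above, showing why the valve has to unbind the request in a finally block when container threads are pooled. All class and method names are hypothetical, and a String stands in for the Catalina Request object.

```java
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

// Hypothetical names throughout; a String stands in for the Catalina Request.
public class TunnelDemo {
    /** Per-thread slot that the valve fills and the login module reads. */
    static final class RequestTunnel {
        private static final ThreadLocal<String> CURRENT = new ThreadLocal<>();
        static void set(String request) { CURRENT.set(request); }
        static String get() { return CURRENT.get(); }
        static void clear() { CURRENT.remove(); }
    }

    /** Stand-in for the login module: it sees only what the tunnel holds. */
    static String loginModuleSees() {
        String req = RequestTunnel.get();
        return req == null ? "<no request bound>" : req;
    }

    /** Stand-in for the valve: bind, run the security domain, then unbind. */
    static String valveInvoke(String request, boolean cleanUp) {
        RequestTunnel.set(request);
        try {
            return loginModuleSees();
        } finally {
            if (cleanUp) RequestTunnel.clear();
        }
    }

    public static void main(String[] args) throws Exception {
        // One worker thread models a container thread reused across requests.
        ExecutorService worker = Executors.newSingleThreadExecutor();
        try {
            worker.submit(() -> valveInvoke("token=alice (constructed)", false)).get();
            // No valve ran for this call, yet the stale binding is still visible.
            System.out.println("without clear: " + worker.submit(() -> loginModuleSees()).get());

            worker.submit(() -> valveInvoke("token=bob (constructed)", true)).get();
            // The finally block removed the binding, so nothing leaks forward.
            System.out.println("with clear:    " + worker.submit(() -> loginModuleSees()).get());
        } finally {
            worker.shutdown();
        }
    }
}
```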