----- Original Message -----
From: "Bill Burke" <bburke(a)redhat.com>
To: "Pedro Igor Silva" <psilva(a)redhat.com>
Cc: keycloak-dev(a)lists.jboss.org
Sent: Tuesday, November 25, 2014 5:55:31 PM
Subject: Re: [keycloak-dev] security proxy prototype
I don't see the similarity to PL HTTP Security. You use this when there
is no Keycloak adapter for your environment (i.e. python, ruby, etc.).
Take a look at our code [1] The proxy was ridiculously easy to implement
and used our existing Undertow authentication plugin.
Using PL HTTP Security would be overkill, wouldn't work because the
servlet API isn't used by Undertow's proxy impl, and would require me to
write an adapter specific to the PL HTTP Security Auth SPI (which I'm
not convinced can handle OAuth).
[1]
https://github.com/keycloak/keycloak/tree/master/proxy
From a functional perspective they are similar. From an implementation
perspective, yes, they are different. PL one is based on servlet api and that is a blocker
for you.
I was just curious if the idea was the same. Protect paths based on certain constraints.
On 11/25/2014 2:15 PM, Pedro Igor Silva wrote:
> Bill,
>
> Is not that similar with PicketLink's Http Security [1] ?
>
> Of course, your work is providing that from outside the app. While in
> PicketLink you need the configuration in your app. But that can be
> easily changed.
>
> [1]
>
http://docs.jboss.org/picketlink/2/latest/reference/html-single/#chap-Htt...
>
> ----- Original Message -----
> From: "Bill Burke" <bburke(a)redhat.com>
> To: keycloak-dev(a)lists.jboss.org
> Sent: Friday, November 21, 2014 1:58:10 PM
> Subject: Re: [keycloak-dev] security proxy prototype
>
>
>
> On 11/21/2014 10:35 AM, Stan Silvert wrote:
>> On 11/21/2014 8:48 AM, Bill Burke wrote:
>>>
>>> On 11/21/2014 8:25 AM, Stan Silvert wrote:
>>>>> As a side effect, we now have a pure Undertow adapter.
>>>> I thought I already refactored our Undertow adapter to be pure?
>>>>
>>> I didn't see an adapter. Just abstract classes.
>>>
>> Ah, you are right. I got rid of the dependency on the Servlet API but I
>> never provided a concrete extension of UndertowKeycloakAuthMech.
>>
>> I've actually got one on my local box. Should I add it to the Undertow
>> adapter?
>
> I already did it and already use it in the proxy.
>
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com