12:23 p.m.
Hello,
I am presently in the process of adding MicroProfile JWT support to
WildFly, most of the code to activate this is now ready but I just wanted
to ask for some pointers as to how RestEasy triggers the need for
authentication for a request?
I have a deployed endpoint annotated with @RolesAllowed, I am about to
attach a debugger and look into the call in more detail but thought I would
ask here as well if there are any pointers.
Regards,
Darran Lofthouse.
1:15 p.m.
I have found the following that answers my question: -
https://docs.jboss.org/resteasy/docs/4.4.0.Final/userguide/html/Securing_...
So overall I both need to switch on support for the annotations AND
configure a path based security constraint in the web.xml to trigger
authentication.
Have there been any discussions on looking into this further? It seems
plausible that authentication could be triggered in the event a role is
required if authentication has not already been performed: -
https://javaee.github.io/javaee-spec/javadocs/javax/servlet/http/HttpServ...
Regards,
Darran Lofthouse.
On Fri, Nov 1, 2019 at 5:23 PM Darran Lofthouse <darran.lofthouse(a)jboss.com>
wrote:
Hello,
I am presently in the process of adding MicroProfile JWT support to
WildFly, most of the code to activate this is now ready but I just wanted
to ask for some pointers as to how RestEasy triggers the need for
authentication for a request?
I have a deployed endpoint annotated with @RolesAllowed, I am about to
attach a debugger and look into the call in more detail but thought I would
ask here as well if there are any pointers.
Regards,
Darran Lofthouse.
3:37 p.m.
Hi Darran,
On Fri, Nov 1, 2019 at 7:16 PM Darran Lofthouse <darran.lofthouse(a)jboss.com>
wrote:
I have found the following that answers my question: -
https://docs.jboss.org/resteasy/docs/4.4.0.Final/userguide/html/Securing_...
So overall I both need to switch on support for the annotations AND
configure a path based security constraint in the web.xml to trigger
authentication.
Have there been any discussions on looking into this further? It seems
plausible that authentication could be triggered in the event a role is
required if authentication has not already been performed: -
No discussion here recently AFAIR. Maybe Ron remembers anything?
I'm fine evaluating possible RFE anyway.
Thanks
https://javaee.github.io/javaee-spec/javadocs/javax/servlet/http/HttpServ...
Regards,
Darran Lofthouse.
On Fri, Nov 1, 2019 at 5:23 PM Darran Lofthouse <
darran.lofthouse(a)jboss.com> wrote:
> Hello,
>
> I am presently in the process of adding MicroProfile JWT support to
> WildFly, most of the code to activate this is now ready but I just wanted
> to ask for some pointers as to how RestEasy triggers the need for
> authentication for a request?
>
> I have a deployed endpoint annotated with @RolesAllowed, I am about to
> attach a debugger and look into the call in more detail but thought I would
> ask here as well if there are any pointers.
>
> Regards,
> Darran Lofthouse.
>
> _______________________________________________
resteasy-dev mailing list
resteasy-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/resteasy-dev
--
Alessio Soldano
Associate Manager, Software Engineering
Red Hat <https://www.redhat.com>
<https://www.redhat.com>
6:40 p.m.
I haven't interacted with that piece of RESTEasy. Purely Bill Burke, I
would think.
On 11/4/19 4:37 PM, Alessio Soldano wrote:
Hi Darran,
On Fri, Nov 1, 2019 at 7:16 PM Darran Lofthouse
<darran.lofthouse(a)jboss.com <mailto:darran.lofthouse@jboss.com>> wrote:
I have found the following that answers my question: -
https://docs.jboss.org/resteasy/docs/4.4.0.Final/userguide/html/Securing_...
So overall I both need to switch on support for the annotations
AND configure a path based security constraint in the web.xml to
trigger authentication.
Have there been any discussions on looking into this further? It
seems plausible that authentication could be triggered in the
event a role is required if authentication has not already been
performed: -
No discussion here recently AFAIR. Maybe Ron remembers anything?
I'm fine evaluating possible RFE anyway.
Thanks
https://javaee.github.io/javaee-spec/javadocs/javax/servlet/http/HttpServ...
Regards,
Darran Lofthouse.
On Fri, Nov 1, 2019 at 5:23 PM Darran Lofthouse
<darran.lofthouse(a)jboss.com <mailto:darran.lofthouse@jboss.com>>
wrote:
Hello,
I am presently in the process of adding MicroProfile JWT
support to WildFly, most of the code to activate this is now
ready but I just wanted to ask for some pointers as to how
RestEasy triggers the need for authentication for a request?
I have a deployed endpoint annotated with @RolesAllowed, I am
about to attach a debugger and look into the call in more
detail but thought I would ask here as well if there are any
pointers.
Regards,
Darran Lofthouse.
_______________________________________________
resteasy-dev mailing list
resteasy-dev(a)lists.jboss.org <mailto:resteasy-dev@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/resteasy-dev
--
Alessio Soldano
Associate Manager, Software Engineering
Red Hat <https://www.redhat.com>
<https://www.redhat.com>
_______________________________________________
resteasy-dev mailing list
resteasy-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/resteasy-dev
5:13 a.m.
Ok thank you.
I think I will speak to you more once I have this initial MicroProfile JWT
integration complete. One of the motivations of MP-JWT is the ability to
add an annotation to the Application to activate the mechanism whilst
avoiding the need to edit the web.xml. However two updates are still
required to the web.xml to make authentication mandatory (which is
restricted to being path based) and to enable access control.
Those remaining two point I think we can discuss but it may also be worth
raising in the MicroProfile group to see if there is interest in getting
the behaviour spec defined.
Regards,
Darran Lofthouse.
On Tue, Nov 5, 2019 at 12:40 AM Ron Sigal <rsigal(a)redhat.com> wrote:
I haven't interacted with that piece of RESTEasy. Purely Bill
Burke, I
would think.
On 11/4/19 4:37 PM, Alessio Soldano wrote:
Hi Darran,
On Fri, Nov 1, 2019 at 7:16 PM Darran Lofthouse <
darran.lofthouse(a)jboss.com> wrote:
> I have found the following that answers my question: -
>
>
>
https://docs.jboss.org/resteasy/docs/4.4.0.Final/userguide/html/Securing_...
>
> So overall I both need to switch on support for the annotations AND
> configure a path based security constraint in the web.xml to trigger
> authentication.
>
> Have there been any discussions on looking into this further? It seems
> plausible that authentication could be triggered in the event a role is
> required if authentication has not already been performed: -
>
No discussion here recently AFAIR. Maybe Ron remembers anything?
I'm fine evaluating possible RFE anyway.
Thanks
>
>
>
https://javaee.github.io/javaee-spec/javadocs/javax/servlet/http/HttpServ...
>
> Regards,
> Darran Lofthouse.
>
> On Fri, Nov 1, 2019 at 5:23 PM Darran Lofthouse <
> darran.lofthouse(a)jboss.com> wrote:
>
>> Hello,
>>
>> I am presently in the process of adding MicroProfile JWT support to
>> WildFly, most of the code to activate this is now ready but I just wanted
>> to ask for some pointers as to how RestEasy triggers the need for
>> authentication for a request?
>>
>> I have a deployed endpoint annotated with @RolesAllowed, I am about to
>> attach a debugger and look into the call in more detail but thought I would
>> ask here as well if there are any pointers.
>>
>> Regards,
>> Darran Lofthouse.
>>
>> _______________________________________________
> resteasy-dev mailing list
> resteasy-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/resteasy-dev
>
--
Alessio Soldano
Associate Manager, Software Engineering
Red Hat <https://www.redhat.com>
<https://www.redhat.com>
_______________________________________________
resteasy-dev mailing
listresteasy-dev@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/resteasy-dev
_______________________________________________
resteasy-dev mailing list
resteasy-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/resteasy-dev
1849
days inactive
1853
days old
4 comments
3 participants
participants (3)
-
Alessio Soldano -
Darran Lofthouse -
Ron Sigal