Re: [security-dev] Undertow IDM

Bill Burke wrote: > Does Undertow give you some API so that you can get at the guts of a > SecurityCOntext? Basically the principal and its role mappings? Not directly, the principle and roles are determined by the relevant methods on the Account interface. Basically your auth mechanism could potentially just skip the IdentityManager entirely, and simply return its own account with whatever principal and roles you want.

> > I really need to port my SSO/OAuth stuff to Undertow. I hope you're > still up for suggestions and API changes. But what I care most about is > that Undertow doesn't make it impossible to add these capabilities or > put undo configuration complexities that don't exist in the AS7 version > of this functionality. Darran started a thread about the configuration on undertow-dev a while back ("Web Application - Security Mechanism Selection"). The security API is not set in stone, if there are things that you need that we don't provide feel free to start a discussion on undertow-dev about it.