[JBoss JIRA] (TEIID-4561) Deprecate the PassthroughIdentityLoginModule

Wednesday, 9 November 2016

    [
https://issues.jboss.org/browse/TEIID-4561?page=com.atlassian.jira.plugin...
] 

Ramesh Reddy commented on TEIID-4561:
-------------------------------------

 When client call comes into the web layer, it redirects the call to the identity server
(keycloak), then client negotiates the AccessToken. OAuthFiler is where Teiid checks the
Access Token in HTTP header. it s expected that by the time OAuthFilter is called, the
authentication is already done, and AccessToekn is sent with the call. You do not have
access to Subject here, at least I think did not find a way access the Subject object,
because there is no JAAS based security. In OAuth20LoginModule also I do not we have
access to a Subject, but we will have capability to create Subject and associate
credential for JEE pattern.

...
 Deprecate the PassthroughIdentityLoginModule
 --------------------------------------------

                 Key: TEIID-4561
                 URL: https://issues.jboss.org/browse/TEIID-4561
             Project: Teiid
          Issue Type: Quality Risk
          Components: Server
            Reporter: Steven Hawkins
            Assignee: Steven Hawkins
             Fix For: 9.2

 The delegation capability of the PassthroughIdentityLoginModule can be associated with
the underlying OAuth10/20 login modules (similar to the delegationCredential behavior of
the KerberosLoginModule).  Also the OAuthCredentialContext should be changed to use the
Subject private credentials rather than a ThreadLocal. 

--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009