CAS / OAuth / OpenID / HTTP / SAML client protocol support?
by Michaël REMOND
Hi,
I currently contribute to a Java library from Jerome Leleu, able to protect
applications and delegate authentications to various identity providers. It
currently supports 5 different protocols: CAS, OAuth, OpenID, HTTP and SAML
and 18 identity providers (Facebook, Twitter, Google, Yahoo...) through a
very simple and unified API accross protocols/JVM frameworks:
https://github.com/leleuj/pac4j.
The pac4j librairies are used in various JVM frameworks with the
appropriate implementations: Spring Security, Shiro, CAS, J2E and Play.
Although the core pac4j librairies gathers "a lot of" code (300 classes,
26000 lines of source code), the implementations to specific JVM frameworks
are pretty straigtforward: from 4 classes for Spring Security to 11 classes
for Play Framework 2.x.
We are currently targeting new plateforms and especially async one; we got
an implementation from ratpack (http://www.ratpack.io/) and we discussed
also with the guys from vert.x. They gave us some ideas in order to improve
our library by becoming more "reactive".
I think that pac4j could be helpful for the Undertow community too by
bringing client multi-protocols support.
I looked at the security model from Undertow and I start to think about a
possible integration by developing a "Pac4jAuthenticationMechanism".
What do you think about such development? Are you interested in a demo app
showing how this could work? Do you have suggestions?
Thanks.
Best regards,
Michael Remond
10 years
Can we please have a notification scheme enabled for Undertow Jira?
by Darran Lofthouse
Can we please have a notification scheme enabling for the Undertow Jira
project so that we can receive e-mail notifications.
I would suggest just use the same one as is used for Remoting JMX, it
should be sufficient to have the notifications go to the general mailing
list and interested individuals.
Regards,
Darran Lofthouse.
10 years, 3 months
Welcome file does not seem to work with default servlet and /
by Ron Leisti
Hi,
I've encountered what seems like a but with the handling of welcome files.
I am using Undertow 1.0.0 included in Wildfly 8.0.0
If I don't create a servlet mapping for the URL "/", then Undertow will
automatically registers its own DefaultServlet as the mapping. I would
like "/" to automatically invoke a servlet that is mapped to some path like
"/foo". I don't setup an explicit mapping because I don't want my servlet
to be the default servlet, because I still want static resources to get
resolved automatically.
To get this to work, I create a welcome file entry "foo". However, I think
Undertow is ignoring this mapping in this circumstance. I've done some
debugging into Undertow and found that when the ServletPathMatchesData is
created, the DefaultServlet is given an exact match "/" which forces
requiredWelcomeFileMatch to false, (ServletPathMatchesData constructor)
even if requiredWelcomeFileMatch was true for the DefaultServlet. With
requiredWelcomeFileMatch=false, the welcome file logic is skipped and
control is given to the default servlet, which simply returns a 404 for "/".
Is my logic just flawed, or is this a bug?
Thank you
10 years, 5 months
Undertow 1.0.x - Handling of large binary messages is probably broken
by Andrej Golovnin
Hi Stuart,
I think that the handling of large binary messages is broken in Undertow 1.0.x branch.
If you copy the test classes from the pull request 206 to the 1.0.x branch and
execute the test BinaryEndpointTest, then you should get this exception:
00:51:25,401 ERROR (XNIO-1 I/O-1) [org.xnio.listener] <ChannelListeners.java:94> XNIO001007: A channel event listener threw an exception: java.lang.IndexOutOfBoundsException
at java.nio.Buffer.checkIndex(Buffer.java:532)
at java.nio.DirectByteBuffer.get(DirectByteBuffer.java:253)
at io.undertow.websockets.core.protocol.version07.Masker.mask(Masker.java:54)
at io.undertow.websockets.core.protocol.version07.Masker.afterRead(Masker.java:67)
at io.undertow.websockets.core.FixedPayloadFrameSourceChannel.afterRead(FixedPayloadFrameSourceChannel.java:117)
at io.undertow.websockets.core.FixedPayloadFrameSourceChannel.read(FixedPayloadFrameSourceChannel.java:78)
at io.undertow.websockets.core.BufferedBinaryMessage$1.handleEvent(BufferedBinaryMessage.java:87)
at io.undertow.websockets.core.BufferedBinaryMessage$1.handleEvent(BufferedBinaryMessage.java:79)
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
at io.undertow.server.protocol.framed.AbstractFramedChannel$FrameReadListener.invokeReadListener(AbstractFramedChannel.java:647)
at io.undertow.server.protocol.framed.AbstractFramedChannel$FrameReadListener.handleEvent(AbstractFramedChannel.java:620)
at io.undertow.server.protocol.framed.AbstractFramedChannel$FrameReadListener.handleEvent(AbstractFramedChannel.java:614)
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:87)
at org.xnio.nio.NioHandle$1.run(NioHandle.java:50)
at org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:552)
at org.xnio.nio.WorkerThread.run(WorkerThread.java:461)
I was not able to find the cause for this exception. It is possible that my test is just wrong.
In that please let me know, what I'm doing wrong. If the test is OK, then I hope you can find the bug
and fix it before the release of WildFly 8.1.0.
Best regards,
Andrej Golovnin
10 years, 5 months
asynchronous cassandra queries
by Adrian
Hi
I'm trying to query Cassandra asynchronously from inside an HttpHandler,
but by the time the listener is run, Undertow has closed the response
channel. Is there some way to keep it open? Can you suggest another
approach?
Thanks
Adrian
10 years, 6 months
Undertow not handling servlet exceptions properly
by Dragan Jotanovic
Hi,
I'm using embedded undertow with jastow for serving jsp pages.
I registered custom error page for handling all 500 errors, but exception
is not propagated to my custom 500.jsp page (javax.servlet.error.exception
request attribute is never set).
I debugged through undertow code and found that the problem is in
"ServletInitialHandler", "handleFirstRequest" method. When a servlet
throws exception, error page location is looked for only by exception type
and not by exception code as well, so the exception is never propagated to
my custom error page.
Is this a bug or a feature? The only workaround I have found is to register
my custom error page against JasperException.class, but I wouldn't want to
do this for all the possible exceptions my application could throw.
If it's a bug, than simple fix would be to look for error page by 500 error
code as well, like so:
String location =
servletContext.getDeployment().getErrorPages().getErrorLocation(t);
if (location == null) {
location =
servletContext.getDeployment().getErrorPages().getErrorLocation(500);
}
Regards,
Dragan
10 years, 6 months
Embedded undertow and atmosphere framework websockets
by Dragan Jotanovic
Hi,
I'm struggling to make simple chat atmosphere application to work with
embedded undertow.
The app seems to connect to websocket, and requests are passing through to
AtmosphereHandler but response never reaches client. I suppose that I'm
missing something in my undertow configuration but don't know what. Same
code works when dropped into Tomcat or Jetty.
Here is my bootstrap class:
public class Bootstrap {
public static void main(String[] args) throws Exception {
// deploy to undertow
DeploymentInfo servletBuilder = Servlets.deployment()
.setClassLoader(Bootstrap.class.getClassLoader())
.setContextPath("")
.setDeploymentName("chat")
.setDefaultEncoding("UTF-8")
.setUrlEncoding("UTF-8")
.setResourceManager(new FileResourceManager(new File(""),
0))
.addWelcomePage("index.html");
servletBuilder.addServlet(Servlets.servlet("AtmosphereServlet",
AtmosphereServlet.class)
.addInitParam("org.atmosphere.cpr.AtmosphereHandler",
"org.atmosphere.samples.chat.Chat")
.addMapping("/chat/*")
.setAsyncSupported(true));
final WebSocketDeploymentInfo webSocketDeploymentInfo = new
WebSocketDeploymentInfo();
servletBuilder.addServletContextAttribute(WebSocketDeploymentInfo.ATTRIBUTE_NAME,
webSocketDeploymentInfo);
DeploymentManager manager =
Servlets.defaultContainer().addDeployment(servletBuilder);
manager.deploy();
HttpHandler servletHandler = manager.start();
PathHandler path =
Handlers.path(Handlers.redirect("/")).addPrefixPath("/", servletHandler);
Undertow server = Undertow.builder()
.addHttpListener(8080, "0.0.0.0")
.setHandler(path)
.build();
server.start();
}
}
Does anyone know how to properly configure websockets support so that it
works with Atmosphere Framework?
Complete example can be seen here:
https://github.com/djotanov/atmosphere-undertow
Regards,
Dragan
10 years, 6 months
Re: [undertow-dev] CAS / OAuth / OpenID / HTTP / SAML client protocol support?
by Jérôme LELEU
Hi,
I'm the creator of pac4j and we would be happy to receive a new
contribution.
I don't know Keycloak, but the only "constraint" is that it respects more
or less the general flow : redirect the user to the provider,
authentication, be redirected back to the application, retrieve the user
profile...
The main advantage of integrating Keycloak into pac4j is that it would
become available subsequently in:
- any J2E application
- any Shiro application
- any Spring Security application
- any Play application
- the CAS server
- any Ratpack application
- any Vertx application (soon I hope)
- any Undertow application (soon I hope).
Open a discussion on the pac4j-dev mailing list:
https://groups.google.com/forum/?fromgroups#!forum/pac4j-dev or send a pull
request to: https://github.com/leleuj/pac4j...
Thanks.
Best regards,
Jérôme
---------- Message transféré ----------
> De : "Bill Burke" <bburke(a)redhat.com>
> Date : 12 mai 2014 17:39
> Objet : Re: [undertow-dev] CAS / OAuth / OpenID / HTTP / SAML client
> protocol support?
> À : <undertow-dev(a)lists.jboss.org>
> Cc :
>
> If I wrote a pac4j module for Keycloak [1], it could be accepted and
> distributed with pac4j?
>
> [1] http://keycloak.org
>
>
> On 5/12/2014 11:32 AM, Michaël REMOND wrote:
> > Hi,
> >
> > I currently contribute to a Java library from Jerome Leleu, able to
> > protect applications and delegate authentications to various identity
> > providers. It currently supports 5 different protocols: CAS, OAuth,
> > OpenID, HTTP and SAML and 18 identity providers (Facebook, Twitter,
> > Google, Yahoo...) through a very simple and unified API accross
> > protocols/JVM frameworks: https://github.com/leleuj/pac4j.
> >
> > The pac4j librairies are used in various JVM frameworks with the
> > appropriate implementations: Spring Security, Shiro, CAS, J2E and Play.
> > Although the core pac4j librairies gathers "a lot of" code (300 classes,
> > 26000 lines of source code), the implementations to specific JVM
> > frameworks are pretty straigtforward: from 4 classes for Spring Security
> > to 11 classes for Play Framework 2.x.
> >
> > We are currently targeting new plateforms and especially async one; we
> > got an implementation from ratpack (http://www.ratpack.io/) and we
> > discussed also with the guys from vert.x. They gave us some ideas in
> > order to improve our library by becoming more "reactive".
> >
> > I think that pac4j could be helpful for the Undertow community too by
> > bringing client multi-protocols support.
> >
> > I looked at the security model from Undertow and I start to think about
> > a possible integration by developing a "Pac4jAuthenticationMechanism".
> >
> > What do you think about such development? Are you interested in a demo
> > app showing how this could work? Do you have suggestions?
> >
> > Thanks.
> > Best regards,
> > Michael Remond
> >
> >
> > _______________________________________________
> > undertow-dev mailing list
> > undertow-dev(a)lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/undertow-dev
> >
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> undertow-dev mailing list
> undertow-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/undertow-dev
>
10 years, 6 months
Re: [undertow-dev] Web Sockets Question
by Jason T. Greene
Moving to undertow.
I'm not sure I follow your description of the problem. However you may be experiencing a discarded SYN, which could be caused by a firewall like iptables, and the end result is a very long timeout on the client.
You can determine this by doing a netstat on the client, and seeing if the connection is in SYN_SENT
> On May 12, 2014, at 4:48 PM, Hamed Hatami <hamedhatami2012(a)gmail.com> wrote:
>
> Hi,
>
> I wanna manage my websocket connection or session when to connecttoserver at undertow by java client and when the server is not available , the client try to connect without exception and there is not any timeout to handle it
>
> Please help me
>
> Regards,
> Hamed Hatami
>
>> On May 13, 2014 1:57 AM, "Jason Greene" <jason.greene(a)redhat.com> wrote:
>> After the tag of CR2, master is now officially 9.x. Only blocker level patches for 8.1.0.Final will be accepted for the new 8.x branch.
>>
>> Thanks!
>>
>> --
>> Jason T. Greene
>> WildFly Lead / JBoss EAP Platform Architect
>> JBoss, a division of Red Hat
>>
>>
>> _______________________________________________
>> wildfly-dev mailing list
>> wildfly-dev(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/wildfly-dev
10 years, 6 months
Tls renegotiation from inside of servlet?
by Marc Boorshtein
Does undertow have a way that I could trigger a tls renegotiation from
inside of a servlet/filter? (Ie to request a client certificate)
Thanks
Marc
10 years, 6 months
