Hello,

I make a follow-up on this thread as I received no feedback on my pac4j binding proposal.

Are you interested in this authentication library? Can we improve its design?

Thank you for your help

Regards,
Michaël

2014-05-27 20:02 GMT+02:00 Michaël REMOND <michaelremond@gmail.com>:
Hello dear Community,

I made a first draft of what could be a pac4j binding for Undertow. You can find our standard demo application here https://github.com/pac4j/undertow-pac4j-demo. You can test several different authentication providers (facebook, twitter, form, CAS, SAML...).

I'd like to share some implementation details with you:
 - I implemented a new AuthenticationMechanism delegating the authentication to a pac4j client; so this mechanism is rather "generic" in regards to what you got in undertow (one for basic auth, one for form...)
 - pac4j needs a session mechanism so I used the Undertow SessionManager to store some attributes but also the User Profile once the user is successfully authenticated
 - pac4j also needs a callback url to finish the authentication process so I developped a dedicated handler
 - finally I used the EagerFormParsingHandler to grab the required POSTed data

To conclude I have to say I really appreciated the maturity of the framework because it was pretty straightforward to play with all the concepts and the ability to change from the IO thread to the dispatcher is really powerfull.

Jérôme and I are really interrested to get your feedback on this work. Does this binding makes sense to you? How can we improve this work to fit perfectly in Undertow and how can we extract a viable library from the demo?

Thank you for your help,

Regards,
Michaël



2014-05-13 15:01 GMT+02:00 Stuart Douglas <sdouglas@redhat.com>:
This does sound pretty cool. I would start by looking at the existing authenticator implementations and the security docs at

http://undertow.io/documentation/core/security.html

Stuart

Michaël REMOND wrote:
Hi,

I currently contribute to a Java library from Jerome Leleu, able to
protect applications and delegate authentications to various identity
providers. It currently supports 5 different protocols: CAS, OAuth,
OpenID, HTTP and SAML and 18 identity providers (Facebook, Twitter,
Google, Yahoo...) through a very simple and unified API accross
protocols/JVM frameworks: https://github.com/leleuj/pac4j.

The pac4j librairies are used in various JVM frameworks with the
appropriate implementations: Spring Security, Shiro, CAS, J2E and Play.
Although the core pac4j librairies gathers "a lot of" code (300 classes,
26000 lines of source code), the implementations to specific JVM
frameworks are pretty straigtforward: from 4 classes for Spring Security
to 11 classes for Play Framework 2.x.

We are currently targeting new plateforms and especially async one; we
got an implementation from ratpack (http://www.ratpack.io/) and we
discussed also with the guys from vert.x. They gave us some ideas in
order to improve our library by becoming more "reactive".

I think that pac4j could be helpful for the Undertow community too by
bringing client multi-protocols support.

I looked at the security model from Undertow and I start to think about
a possible integration by developing a "Pac4jAuthenticationMechanism".

What do you think about such development? Are you interested in a demo
app showing how this could work? Do you have suggestions?

Thanks.
Best regards,
Michael Remond

_______________________________________________
undertow-dev mailing list
undertow-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/undertow-dev