Re: [undertow-dev] Asynchronous AuthenticationMechanism
The issue with a database is that there is basically no way to do an
async lookup with JDBC. It is possible the DB might provide async
drivers that you can use.
The main reason why the IdentityManager uses a blocking API is because
the vast majority of java implementations will be blocking (databases,
ldap etc), although we may look at doing a non blocking version at
some point in the future.
There is actually nothing really 'special' about SecurityContext,
IdentityManager etc, its just that the existing security handlers (and
most importantly Servlet security) are implemented in terms of this.
Depending on your requirements you can replace part or all of this.
For example you could use a handler earlier in the chain to verify the
user via a non blocking DB lookup, then just call
SecurityContext.authenticationComplete() to set the current user if
you want to use the existing security handlers.
Stuart
On Tue, Jul 5, 2016 at 10:29 AM, Oliver Dain <oliver(a)analyticspot.com> wrote:
The docs for security
(http://undertow.io/undertow-docs/undertow-docs-1.3.0/index.html#security)
say:
> Security within Undertow is implemented as a set of asynchronous handlers
> and a set of authentication mechanisms co-ordinated by these handlers.
However, it appears that the IdentityManager and AuthenticationMechanism
APIs are synchronous. For example, suppose I want to do simple
username/password authentication using FormAuthenticationMechanism. That
will use the IdentityManager on the SecurityContext to determine if the
username/password is valid. For me that would require a database lookup and
I'd like to do that asynchronously. However, the IdentityManager.verify API
requires an immediate response so I have to do a block database lookup.
Since I've been super careful to do everything in all my handlers async and
have exactly 1 thread per core this seems like a significant stumbling
block.
2 questions:
1. Is there a way to do something like I'm describing in an async manner?
2. Why is security "special" using a SecurityContext, different APIs, etc.
Couldn't it all have been implemented in terms of regular HttpHandler? That
would make it the API smaller and make it possible to do async
authentication.
Thanks,
Oliver
--
CTO, Analytic Spot
44 West Broadway #222
Eugene, OR 97401
analyticspot.com • 425-296-6556
www.linkedin.com/in/oliverdain
_______________________________________________
undertow-dev mailing list
undertow-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/undertow-dev