Re: [undertow-dev] Authentication layer in Undertow + Resteasy
Hi,
On Sunday, January 4, 2015, Antoine Girard <antoine(a)team51.nl> wrote:
I had a little try with adding a ServletExtension into the
deployment,
with a custom AuthenticationMechanism, but I couldn't achieve what is
described above, as it is really jax-rs specific.
I haven't seen a lot of people on the internet doing what I have described
above... that's why I am not that confident! I am indeed bypassing all the
security layer already available in Undertow. I feel I am missing the
elephant in the room...
Maybe the name of that elephant is JASPIC ;)
Take a look at
http://arjan-tijms.omnifaces.org/2014/11/header-based-stateless-token.html
It's an authentication module that integrates fully with container
security, and can be registered either from within the app (as the sample
in the link above demonstrates) or more traditionally at the container
level.
Undertow has really good support for JASPIC and the default stateless mode
makes it ideal to be used with JAX-RS.
Kind regards,
Arjan Tijms
What do you think about that approach?
Thank you all in advance.
Best regards,
Antoine
Attachments:
- attachment.html (text/html — 1.8 KB)