Re: [undertow-dev] resteasy oauth undertow security requirements

Bill Burke wrote: > > I'm limited what I can do with my implementation right now because there > is no way to store additional metadata beyond user, password, and role > mappings. I can port what I have as-is to work under embedded > mode/testing mode, but a more rich IDM API would be needed for advanced > features. Is this just the ability to store arbitrary attributes under a user account, and the getRoles() method? If this is all you require I think we can just add them into the Undertow IDM interface.

>>> Well, this was pretty simple with a JBossWeb valve. Because one valve >>> instance is instantiated per web app, I could just have a >>> concurrenthashmap store this information and spawn a very low priority >>> thread to reap unused entries. You could do the same thing in Undertow, but it just depends if you would ever want to examine/manage this state in your admin console, in which case it would probably need something more.