At the moment we don't have the ability to do this, but we could potentially add it.
It does get a bit tricky, however. Say we just expand the SecurityNotification mechanism to
allow you to wrap the account after login. This would work from Undertow's
perspective, however it is likely that there is other code that expects the account to be
of a certain type, that will now fail because of the wrapper.
We would also have to look carefully at how this would work with the
JAASIdentityManagerImpl in the Wildfly code base, as it appears that we will be stuck with
that for a while yet. To make this work properly with the rest of Wildfly we would
probably actually need to implement this inside the JAAS IDM itself, to make sure the
Picketbox SecurityContext is set up correctly.
Stuart
----- Original Message -----
From: "Anil Saldhana" <Anil.Saldhana(a)redhat.com>
To: undertow-dev(a)lists.jboss.org
Sent: Tuesday, 3 September, 2013 4:58:25 PM
Subject: [undertow-dev] Principal mapping after authentication
Hi All,
one of the challenges we had with JBossWeb was principal mapping
after authentication. It was hard as hell to do that. I wished for a
mechanism where the authentication call would have a post authentication
callback to see if the original principal has been mapped to something
else. This is a use case seen in integration with third party security
systems including commercial vendors.
I have not dug into Undertow security codebase to see if this is
possible yet but I wanted to put this to the dev list so that we can
discuss it.
Regards,
Anil
_______________________________________________
undertow-dev mailing list
undertow-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/undertow-dev