----- Original Message -----
From: "Michaël REMOND" <michaelremond(a)gmail.com>
To: "Stuart Douglas" <sdouglas(a)redhat.com>
Cc: undertow-dev(a)lists.jboss.org, "Jérôme LELEU" <leleuj(a)gmail.com>
Sent: Wednesday, 29 October, 2014 8:28:53 PM
Subject: Re: [undertow-dev] CAS / OAuth / OpenID / HTTP / SAML client protocol support?

Hello,
I make a follow-up on this thread as I received no feedback on my pac4j
binding proposal.

Sorry, I meant to look at this but it slipped through the cracks.

Are you interested in this authentication library? Can we improve its
design?

I had a quick look through the code and for the most part it looks good. One thing that I
would suggest changing is removing the static configuration, as it does not generally work
very well in an application server environment where multiple deployments would be using
it.

I don't think something like this really belongs in Undertow core though. Maybe I
should add a related projects section to the undertow.io site and link it there?

Stuart

Thank you for your help
Regards,
Michaël

2014-05-27 20:02 GMT+02:00 Michaël REMOND <michaelremond(a)gmail.com>:
> Hello dear Community,
>
> I made a first draft of what could be a pac4j binding for Undertow. You
> can find our standard demo application here
> https://github.com/pac4j/undertow-pac4j-demo. You can test several
> different authentication providers (facebook, twitter, form, CAS, SAML...).
>
> I'd like to share some implementation details with you:
> - I implemented a new AuthenticationMechanism delegating the
> authentication to a pac4j client; so this mechanism is rather "generic" in
> regards to what you got in undertow (one for basic auth, one for form...)
> - pac4j needs a session mechanism so I used the Undertow SessionManager
> to store some attributes but also the User Profile once the user is
> successfully authenticated
> - pac4j also needs a callback url to finish the authentication process so
> I developed a dedicated handler
> - finally I used the EagerFormParsingHandler to grab the required POSTed
> data
>
> To conclude I have to say I really appreciated the maturity of the
> framework because it was pretty straightforward to play with all the
> concepts and the ability to change from the IO thread to the dispatcher is
> really powerful.
>
> Jérôme and I are really interested to get your feedback on this work.
> Does this binding make sense to you? How can we improve this work to fit
> perfectly in Undertow and how can we extract a viable library from the
> demo?
>
> Thank you for your help,
>
> Regards,
> Michaël
>
>
>
> 2014-05-13 15:01 GMT+02:00 Stuart Douglas <sdouglas(a)redhat.com>:
>
>> This does sound pretty cool. I would start by looking at the existing
>> authenticator implementations and the security docs at
>> http://undertow.io/documentation/core/security.html
>>
>> Stuart
>>
>> Michaël REMOND wrote:
>>
>>> Hi,
>>>
>>> I currently contribute to a Java library from Jerome Leleu, able to
>>> protect applications and delegate authentications to various identity
>>> providers. It currently supports 5 different protocols: CAS, OAuth,
>>> OpenID, HTTP and SAML and 18 identity providers (Facebook, Twitter,
>>> Google, Yahoo...) through a very simple and unified API across
>>> protocols/JVM frameworks: https://github.com/leleuj/pac4j.
>>>
>>> The pac4j libraries are used in various JVM frameworks with the
>>> appropriate implementations: Spring Security, Shiro, CAS, J2E and Play.
>>> Although the core pac4j libraries gather "a lot of" code (300 classes,
>>> 26000 lines of source code), the implementations to specific JVM
>>> frameworks are pretty straightforward: from 4 classes for Spring Security
>>> to 11 classes for Play Framework 2.x.
>>>
>>> We are currently targeting new platforms and especially async ones; we
>>> got an implementation from ratpack (http://www.ratpack.io/) and we
>>> discussed also with the guys from vert.x. They gave us some ideas in
>>> order to improve our library by becoming more "reactive".
>>>
>>> I think that pac4j could be helpful for the Undertow community too by
>>> bringing client multi-protocols support.
>>>
>>> I looked at the security model from Undertow and I start to think about
>>> a possible integration by developing a "Pac4jAuthenticationMechanism".
>>>
>>> What do you think about such development? Are you interested in a demo
>>> app showing how this could work? Do you have suggestions?
>>>
>>> Thanks.
>>> Best regards,
>>> Michael Remond
>>>
>