On Thu, Oct 16, 2014 at 2:04 PM, Marc Boorshtein
Thanks everyone. So would the beat approach be to use a http and let
invoke a jaspic class or to invoke an undertow authentication class?
I'd personally say JASPIC. The advantage it that it's a standardized
SPI/API, which means it very likely won't suddenly change in a major
incompatible way between JBoss versions.
Also note that the HttpHandler (and before that a Valve) is not an
authentication class perse, but a general mechanism. Using an
HttpHandler though gives you access to some very low-level Undertow
mechanics, that you won't be able to access from higher level and more
general JASPIC authentication modules.
As a middle ground; I've seen a couple of JASPIC authentication
modules that casted the HTTPServletRequest to a JBoss specific one and
then did some things with it that the plain Servlet API doesn't allow,
and ones that were combined with a Valve (JBoss EAP 6 and before).
JBoss themselves have published 3 JASPIC authentication modules where
they use this hybrid approach, see e.g.
But I'd suggest starting with the plain JASPIC/Servlet APIs first and
only going JBoss specific when really needed.
On Oct 16, 2014 7:16 AM, "Tomaž Cerar" <tomaz.cerar(a)gmail.com> wrote:
> On Thu, Oct 16, 2014 at 12:47 AM, Stuart Douglas <sdouglas(a)redhat.com>
>> The equivalent of a valve is a HttpHandler, you can wire them up
>> programatically via jboss-web.xml, something like:
> Or since upcoming wildfly 8.2 and 9 it is also possible as global
> configuration in undertow subsystem
> <host name="default-host" alias="localhost, some.host"
> <location name="/" handler="welcome-content">
> <filter-ref name="custom-filter"/>
> <filter name="custom-filter"
> module="io.undertow.core" />
undertow-dev mailing list