4:19 a.m.
Hi,
Currently one has to "activate" JASPIC in WildFly by doing two things:
1. Adding a generic "dummy" security domain to standalone.xml
2. Referencing this domain from a jboss-web.xml within the application
archive
I wonder if it would make sense to put the generic jaspic security domain
by default in standalone.xml. It's always the same anyway. With the domain
present in a stock WildFly it's much easier for people to start with JASPIC
on WildFly.
It concerns this fragment:
<security-domain name="jaspitest" cache-type="default">
<authentication-jaspi>
<login-module-stack name="dummy">
<login-module code="Dummy" flag="optional"/>
</login-module-stack>
<auth-module code="Dummy"/>
</authentication-jaspi>
</security-domain>
Kind regards,
Arjan Tijms
3:37 a.m.
Hi,
On Fri, Oct 30, 2015 at 10:19 AM, arjan tijms <arjan.tijms(a)gmail.com> wrote:
I wonder if it would make sense to put the generic jaspic security
domain
by default in standalone.xml. It's always the same anyway. With the domain
present in a stock WildFly it's much easier for people to start with JASPIC
on WildFly.
Anyone has any thoughts on this?
WildFly currently has one of the best JASPIC implementations out there, but
this relatively tiny problem is a big hurdle for usability, and especially
impedes using WildFly for JSR 375 demonstrations.
Hope something can be done here.
Kind regards,
Arjan Tijms
It concerns this fragment:
<security-domain name="jaspitest" cache-type="default">
<authentication-jaspi>
<login-module-stack name="dummy">
<login-module code="Dummy" flag="optional"/>
</login-module-stack>
<auth-module code="Dummy"/>
</authentication-jaspi>
</security-domain>
Kind regards,
Arjan Tijms
3:40 a.m.
I will have a look at what we can do, as we are transitioning to Elytron
long term we should be aiming to avoid all workarounds like this.
On 04/11/15 09:37, arjan tijms wrote:
Hi,
On Fri, Oct 30, 2015 at 10:19 AM, arjan tijms <arjan.tijms(a)gmail.com
<mailto:arjan.tijms@gmail.com>> wrote:
I wonder if it would make sense to put the generic jaspic security
domain by default in standalone.xml. It's always the same anyway.
With the domain present in a stock WildFly it's much easier for
people to start with JASPIC on WildFly.
Anyone has any thoughts on this?
WildFly currently has one of the best JASPIC implementations out there,
but this relatively tiny problem is a big hurdle for usability, and
especially impedes using WildFly for JSR 375 demonstrations.
Hope something can be done here.
Kind regards,
Arjan Tijms
It concerns this fragment:
<security-domain name="jaspitest" cache-type="default">
<authentication-jaspi>
<login-module-stack name="dummy">
<login-module code="Dummy" flag="optional"/>
</login-module-stack>
<auth-module code="Dummy"/>
</authentication-jaspi>
</security-domain>
Kind regards,
Arjan Tijms
3:57 a.m.
Thanks a lot in advance!
Any idea on the Elytron timeline btw? Is that post EAP 7 or earlier?
Kind regards,
Arjan Tijms
On Wed, Nov 4, 2015 at 10:40 AM, Darran Lofthouse <
darran.lofthouse(a)jboss.com> wrote:
I will have a look at what we can do, as we are transitioning to
Elytron
long term we should be aiming to avoid all workarounds like this.
On 04/11/15 09:37, arjan tijms wrote:
> Hi,
>
> On Fri, Oct 30, 2015 at 10:19 AM, arjan tijms <arjan.tijms(a)gmail.com
> <mailto:arjan.tijms@gmail.com>> wrote:
>
> I wonder if it would make sense to put the generic jaspic security
> domain by default in standalone.xml. It's always the same anyway.
> With the domain present in a stock WildFly it's much easier for
> people to start with JASPIC on WildFly.
>
>
> Anyone has any thoughts on this?
>
> WildFly currently has one of the best JASPIC implementations out there,
> but this relatively tiny problem is a big hurdle for usability, and
> especially impedes using WildFly for JSR 375 demonstrations.
>
> Hope something can be done here.
>
> Kind regards,
> Arjan Tijms
>
>
>
>
> It concerns this fragment:
>
> <security-domain name="jaspitest"
cache-type="default">
> <authentication-jaspi>
> <login-module-stack name="dummy">
> <login-module code="Dummy"
flag="optional"/>
> </login-module-stack>
> <auth-module code="Dummy"/>
> </authentication-jaspi>
> </security-domain>
>
> Kind regards,
> Arjan Tijms
>
>
>
4:43 a.m.
Probably EAP 7.1 according to the latest info that I've got on elytron
hipchat.
>>>>>>>>>>
Sorry by bother you guys, but what is the target distribution of the
elytron, replacing JAAS among the other authentication methods?
Darran Lofthouse·10:06 AM
By using names I could even see us providing organisations a way to
coordinate transitioning users passwords
David M. Lloyd·10:07 AM
or even having different passwords for different situations
Darran Lofthouse·10:12 AM
Elytron replaces JAAS as the integration point with the backing store of
identities, in addition to that is also provides a set of strong
authenitcation mechanisms for both HTTP and native access - other features
will be identity propagation of identities between processes and a general
imporovement of overall security context handling.
Here is the follow up issue for getCredentialSupport
https://issues.jboss.org/browse/ELY-299
Eduardo Sant'Ana da Silva·10:14 AM
I saw that it will be on EAP 7 as well, thanks for the information
David M. Lloyd·10:15 AM
EAP 7.1 probably, but yes
2015-11-04 7:57 GMT-02:00 arjan tijms <arjan.tijms(a)gmail.com>:
Thanks a lot in advance!
Any idea on the Elytron timeline btw? Is that post EAP 7 or earlier?
Kind regards,
Arjan Tijms
On Wed, Nov 4, 2015 at 10:40 AM, Darran Lofthouse <
darran.lofthouse(a)jboss.com> wrote:
> I will have a look at what we can do, as we are transitioning to Elytron
> long term we should be aiming to avoid all workarounds like this.
>
>
> On 04/11/15 09:37, arjan tijms wrote:
>
>> Hi,
>>
>> On Fri, Oct 30, 2015 at 10:19 AM, arjan tijms <arjan.tijms(a)gmail.com
>> <mailto:arjan.tijms@gmail.com>> wrote:
>>
>> I wonder if it would make sense to put the generic jaspic security
>> domain by default in standalone.xml. It's always the same anyway.
>> With the domain present in a stock WildFly it's much easier for
>> people to start with JASPIC on WildFly.
>>
>>
>> Anyone has any thoughts on this?
>>
>> WildFly currently has one of the best JASPIC implementations out there,
>> but this relatively tiny problem is a big hurdle for usability, and
>> especially impedes using WildFly for JSR 375 demonstrations.
>>
>> Hope something can be done here.
>>
>> Kind regards,
>> Arjan Tijms
>>
>>
>>
>>
>> It concerns this fragment:
>>
>> <security-domain name="jaspitest"
cache-type="default">
>> <authentication-jaspi>
>> <login-module-stack name="dummy">
>> <login-module code="Dummy"
flag="optional"/>
>> </login-module-stack>
>> <auth-module code="Dummy"/>
>> </authentication-jaspi>
>> </security-domain>
>>
>> Kind regards,
>> Arjan Tijms
>>
>>
>>
_______________________________________________
wildfly-dev mailing list
wildfly-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/wildfly-dev
--
__________________________
Eduardo Sant'Ana da Silva - Dr.
Pesquisador / Consultor de TI
8:10 a.m.
Hi,
On Wed, Nov 4, 2015 at 10:40 AM, Darran Lofthouse <
darran.lofthouse(a)jboss.com> wrote:
I will have a look at what we can do,
Did you already had a chance to look at this?
And any idea of the direction? A new attribute in jboss-web.xml? Actually
adding the security domain as proposed, or something else?
Kind regards,
Arjan Tijms
3293
days inactive
3310
days old
5 comments
3 participants
participants (3)
-
arjan tijms -
Darran Lofthouse -
Eduardo Sant´Ana da Silva