7:32 a.m.
Hello,
recently I decided, that Weld 3 (CDI 2.0, currently nearing Final at high speed) should be
running on WildFly 11.
Up until now, we had the integration based on 10.1.0.Final but for several reasons we want
to move to 11.
There were some changes and I figured out most of them but I am lost when it comes to
security.
I know Elytron was added but I don't know a damn thing about it - could anyone lend a
hand here, please?
The code is now located at this branch[1] and the very last commit shows the integration
done.
Vast majority is just taken from previous integration with 10.1.0.Final (branch
10.1.0.Final-weld3).
The part I am concerned about is
weld/subsystem/src/main/java/org/jboss/as/weld/services/bootstrap/WeldSecurityServices.java
[2]
'getPrincipal'[3] method was earlier adapted to Elytron, and I am thinking the
other methods should perhaps be adjusted as well?
But then again, I have no idea how to do that with Elytron... a penny for your thoughts?
Regards
Matej
____________________________________________________________________________________________________________________________________
[1]https://github.com/weld/wildfly/tree/11.0.0.Alpha1-weld3
[2]https://github.com/weld/wildfly/blob/11.0.0.Alpha1-weld3/weld/subsystem...
[3]https://github.com/weld/wildfly/blob/11.0.0.Alpha1-weld3/weld/subsystem...
6:10 p.m.
So looking at the code I am not sure if this is possible to adapt to
Elytron without an API change on the Weld side of things.
This issue is in the Weld SecurityContext, which just as associate and
disassociate methods, while elytron uses a more functional approach.
I think this API needs to be change so SecurityContext just has a
run(PrivilidgedExceptionAction action) method, where the implementation
would look something like:
elytronDomain.getCurrentSecurityIdentity().runAs(action)
Not sure how hard to do this will be from the Weld side and I am not sure
how this method is actually used.
Stuart
On Mon, Apr 24, 2017 at 10:32 PM, Matej Novotny <manovotn(a)redhat.com> wrote:
Hello,
recently I decided, that Weld 3 (CDI 2.0, currently nearing Final at high
speed) should be running on WildFly 11.
Up until now, we had the integration based on 10.1.0.Final but for several
reasons we want to move to 11.
There were some changes and I figured out most of them but I am lost when
it comes to security.
I know Elytron was added but I don't know a damn thing about it - could
anyone lend a hand here, please?
The code is now located at this branch[1] and the very last commit shows
the integration done.
Vast majority is just taken from previous integration with 10.1.0.Final
(branch 10.1.0.Final-weld3).
The part I am concerned about is weld/subsystem/src/main/java/
org/jboss/as/weld/services/bootstrap/WeldSecurityServices.java [2]
'getPrincipal'[3] method was earlier adapted to Elytron, and I am thinking
the other methods should perhaps be adjusted as well?
But then again, I have no idea how to do that with Elytron... a penny for
your thoughts?
Regards
Matej
____________________________________________________________
________________________________________________________________________
[1]https://github.com/weld/wildfly/tree/11.0.0.Alpha1-weld3
[2]https://github.com/weld/wildfly/blob/11.0.0.Alpha1-
weld3/weld/subsystem/src/main/java/org/jboss/as/weld/services/bootstrap/
WeldSecurityServices.java
[3]https://github.com/weld/wildfly/blob/11.0.0.Alpha1-
weld3/weld/subsystem/src/main/java/org/jboss/as/weld/services/bootstrap/
WeldSecurityServices.java#L69
_______________________________________________
wildfly-dev mailing list
wildfly-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/wildfly-dev
12:26 a.m.
Hi Stuart,
that's pretty much what we did (Darran reached out to us already).
On API side, we added a method returning a consumer[1].
And on WildFly side this is then implemented via runAs(consumer)[2].
Thanks for answering
Matej
____________________________________________________________________________________-
[1]https://github.com/weld/api/blob/master/weld-spi/src/main/java/org/jbos...
[2]https://github.com/manovotn/wildfly/blob/weld2380/weld/subsystem/src/ma...
----- Original Message -----
From: "Stuart Douglas" <stuart.w.douglas(a)gmail.com>
To: "Matej Novotny" <manovotn(a)redhat.com>
Cc: "WildFly Dev" <wildfly-dev(a)lists.jboss.org>
Sent: Monday, May 1, 2017 1:10:16 AM
Subject: Re: [wildfly-dev] Weld 3 & Wildfly 11 integration - help with security
needed
So looking at the code I am not sure if this is possible to adapt to
Elytron without an API change on the Weld side of things.
This issue is in the Weld SecurityContext, which just as associate and
disassociate methods, while elytron uses a more functional approach.
I think this API needs to be change so SecurityContext just has a
run(PrivilidgedExceptionAction action) method, where the implementation
would look something like:
elytronDomain.getCurrentSecurityIdentity().runAs(action)
Not sure how hard to do this will be from the Weld side and I am not sure
how this method is actually used.
Stuart
On Mon, Apr 24, 2017 at 10:32 PM, Matej Novotny <manovotn(a)redhat.com> wrote:
> Hello,
>
> recently I decided, that Weld 3 (CDI 2.0, currently nearing Final at high
> speed) should be running on WildFly 11.
> Up until now, we had the integration based on 10.1.0.Final but for several
> reasons we want to move to 11.
>
> There were some changes and I figured out most of them but I am lost when
> it comes to security.
> I know Elytron was added but I don't know a damn thing about it - could
> anyone lend a hand here, please?
>
> The code is now located at this branch[1] and the very last commit shows
> the integration done.
> Vast majority is just taken from previous integration with 10.1.0.Final
> (branch 10.1.0.Final-weld3).
> The part I am concerned about is weld/subsystem/src/main/java/
> org/jboss/as/weld/services/bootstrap/WeldSecurityServices.java [2]
> 'getPrincipal'[3] method was earlier adapted to Elytron, and I am thinking
> the other methods should perhaps be adjusted as well?
> But then again, I have no idea how to do that with Elytron... a penny for
> your thoughts?
>
> Regards
> Matej
>
> ____________________________________________________________
> ________________________________________________________________________
> [1]https://github.com/weld/wildfly/tree/11.0.0.Alpha1-weld3
> [2]https://github.com/weld/wildfly/blob/11.0.0.Alpha1-
> weld3/weld/subsystem/src/main/java/org/jboss/as/weld/services/bootstrap/
> WeldSecurityServices.java
> [3]https://github.com/weld/wildfly/blob/11.0.0.Alpha1-
> weld3/weld/subsystem/src/main/java/org/jboss/as/weld/services/bootstrap/
> WeldSecurityServices.java#L69
> _______________________________________________
> wildfly-dev mailing list
> wildfly-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/wildfly-dev
>
2747
days inactive
2755
days old
2 comments
2 participants
participants (2)
-
Matej Novotny -
Stuart Douglas