[jboss-as7-dev] Delegating web auth to a security domain
Bill Burke
bburke at redhat.com
Wed Sep 12 18:40:42 EDT 2012
I've written a very small library that allows you to fully delegate
authentication to a security domain/login module. I implemented this to
support integration with a RESTful token service (Openstack Keystone).
https://github.com/resteasy/Resteasy/tree/master/jaxrs/security/skeleton-key-idm/login-module-authenticator/src/main/java/org/jboss/security/web
AFAICT, you pretty much have to go through the Realm/Security domain
execution path if you want principals and roles set up correctly to work
with EE security. So doing all protocol work in the Valve just wasn't
gonna cut it. This small library tunnels the catalina Request object (so
you can access info not in HttpServletRequest) as well as a
HttpServletResponse via a ThreadLocal. That's about it.
What I'd also like to do is write a web metadata processor that allowed
you to set the auth-method in web.xml to something like:
<login-config>
  <auth-method>Security Domain</auth-method>
  <realm-name>java://jaas/myDomain</realm-name>
</login-config>
And it would automatically set up the correct valve and security domain
so you wouldn't have to create a jboss-web.xml. If there is interest
I'll add this and submit a pull request to AS7. Otherwise, I'll just
keep doing what I'm doing.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
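
The ThreadLocal tunnel described in the message, sketched as an added example using only the JDK; it is not code from the linked Resteasy library. WebRequest, RequestTunnel, TokenLoginModule and the token value are hypothetical stand-ins (WebRequest for the catalina Request, the string comparison for the call to the token service).

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import java.util.concurrent.Callable;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

public class TunnelDemo {
    // Hypothetical stand-in for the container's request object.
    record WebRequest(String authToken) {}

    // Holder a valve would use to expose the request for the duration of authentication.
    static final class RequestTunnel {
        private static final ThreadLocal<WebRequest> CURRENT = new ThreadLocal<>();
        static <T> T with(WebRequest req, Callable<T> authentication) throws Exception {
            CURRENT.set(req);
            try { return authentication.call(); }
            // Worker threads are pooled: always clear, or the next request
            // handled on this thread could see the previous caller's data.
            finally { CURRENT.remove(); }
        }
        static WebRequest current() { return CURRENT.get(); }
    }

    // Login module that does the protocol work itself, reading the tunneled request.
    static final class TokenLoginModule implements LoginModule {
        private static final byte[] EXPECTED = // constructed sample token
            "constructed-valid-token".getBytes(StandardCharsets.UTF_8);
        private boolean ok;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {}
        public boolean login() throws LoginException {
            WebRequest req = RequestTunnel.current();
            if (req == null) throw new LoginException("no tunneled request on this thread");
            String token = req.authToken();
            // Stand-in check; a real module would validate against the token service.
            ok = token != null && MessageDigest.isEqual(EXPECTED, token.getBytes(StandardCharsets.UTF_8));
            return ok;
        }
        public boolean commit() { return ok; }
        public boolean abort() { ok = false; return true; }
        public boolean logout() { ok = false; return true; }
    }

    public static void main(String[] args) throws Exception {
        TokenLoginModule module = new TokenLoginModule();
        boolean accepted = RequestTunnel.with(new WebRequest("constructed-valid-token"), module::login);
        System.out.println("accepted=" + accepted + ", leftover=" + RequestTunnel.current());
        try { module.login(); } // outside the tunnel: fails closed
        catch (LoginException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```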