[jboss-as7-dev] Delegating web auth to a security domain

Anil Saldhana Anil.Saldhana at redhat.com
Mon Sep 17 10:22:16 EDT 2012


On 09/12/2012 05:40 PM, Bill Burke wrote:
> I've written a very small library that allows you to fully delegate
> authentication to a security domain/login module. I implemented this to
> support integration with a RESTful token service (Openstack Keystone).
>
> https://github.com/resteasy/Resteasy/tree/master/jaxrs/security/skeleton-key-idm/login-module-authenticator/src/main/java/org/jboss/security/web
>
> AFAICT, you pretty much have to go through the Realm/Security domain
> execution path if you want principals and roles set up correctly to work
> with EE security.  So doing all protocol work in the Valve just wasn't
> gonna cut it. This small library tunnels the catalina Request object (so
> you can access info not in HttpServletRequest) as well as a
> HttpServletResponse via a ThreadLocal.  That's about it.
>
> What I'd also like to do is write a web metadata processor that allowed
> you to set the auth-method in web.xml to something like:
>
>       <login-config>
>           <auth-method>Security Domain</auth-method>
>           <realm-name>java://jaas/myDomain</realm-name>
>       </login-config>
Remove the java:/jaas prefix.  Just keep the domain name.
>
> And it would automatically set up the correct valve and security domain
> so you wouldn't have to create a jboss-web.xml.  If there is interest
> I'll add this and submit a pull request to AS7.  Otherwise, I'll just
> keep doing what I'm doing.
This should help usability.
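
The ThreadLocal tunnelling described in the quoted message, as an added sketch that is not code from the linked library or from either poster. `RequestTunnel`, `Exchange`, `with` and `current` are hypothetical names, the header value is a constructed sample, and the lambda stands in for the Realm/security domain/login module call path (Java 16+ for the record type). It shows the one detail that matters on pooled container threads: the binding is removed in `finally`, so a later request on the same thread cannot see an earlier request's data.

```java
import java.util.Map;
import java.util.concurrent.Callable;

// Hypothetical holder: carries per-request data from the authenticator valve
// to the login module running on the same thread.
public final class RequestTunnel {
    // Stand-in for the catalina Request / HttpServletResponse pair (constructed type).
    public record Exchange(Map<String, String> headers) {}

    private static final ThreadLocal<Exchange> CURRENT = new ThreadLocal<>();

    // Valve side: bind the exchange only for the duration of the authentication call.
    public static <T> T with(Exchange ex, Callable<T> authenticate) throws Exception {
        CURRENT.set(ex);
        try {
            return authenticate.call();
        } finally {
            CURRENT.remove(); // threads are pooled; never leave a request bound
        }
    }

    // Login module side: fail closed if no request was bound to this thread.
    public static Exchange current() {
        Exchange ex = CURRENT.get();
        if (ex == null) {
            throw new IllegalStateException("no request bound to this thread");
        }
        return ex;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample request carrying a token header.
        Exchange ex = new Exchange(Map.of("X-Auth-Token", "constructed-sample-token"));
        // The lambda stands in for Realm -> security domain -> LoginModule.login().
        String token = with(ex, () -> current().headers().get("X-Auth-Token"));
        System.out.println("login module saw token: " + token);
        try {
            current(); // same thread, after the call: must not see the old request
        } catch (IllegalStateException expected) {
            System.out.println("after request: " + expected.getMessage());
        }
    }
}
```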