[jboss-as7-dev] Delegating web auth to a security domain
Anil Saldhana
Anil.Saldhana at redhat.com
Mon Sep 17 13:38:29 EDT 2012
Bill,
do you links to the REST based API from OpenStack?
Cheers.
On 09/17/2012 09:22 AM, Anil Saldhana wrote:
> On 09/12/2012 05:40 PM, Bill Burke wrote:
>> I've written a very small library that allows you to fully delegate
>> authentication to a security domain/login module. I implemented this to
>> support integration with a RESTful token service (Openstack Keystone).
>>
>> https://github.com/resteasy/Resteasy/tree/master/jaxrs/security/skeleton-key-idm/login-module-authenticator/src/main/java/org/jboss/security/web
>>
>> AFAICT, you pretty much have to go through the Realm/Security domain
>> execution path if you want principals and roles set up correctly to work
>> with EE security. So doing all protocol work in the Valve just wasn't
>> gonna cut it. This small library tunnels the catalina Request object (so
>> you can access info not in HTtpServletRequest) as well as a
>> HttpServletRespones via a ThreadLocal. Thats about it.
>>
>> What I'd also like to do is write a web metadata processor that allowed
>> you to set the auth-method in web.xml to something like:
>>
>> <login-config>
>> <auth-method>Securty Domain</auth-method>
>> <realm-name>java://jaas/myDomain</realm-name>
>> </login-config>
> Remove the java:/jaas prefix. Just keep the domain name.
>> And it would automatically set up the correct valve and security domain
>> so you wouldn't have to create a jboss-web.xml. If there is interest
>> I'll add this and submit a pull request to AS7. Otherwise, I'll just
>> keep doing what I'm doing.
> This should help usability.
More information about the jboss-as7-dev
mailing list