[keycloak-dev] security proxy prototype

Bill Burke bburke at redhat.com
Fri Nov 21 08:44:36 EST 2014



On 11/21/2014 8:25 AM, Stan Silvert wrote:
> On 11/20/2014 10:07 PM, Bill Burke wrote:
>> I was bored of writing adapters, so I decided to take a break and build
>> a security proxy.  Prototype is functional, but still needs some work.
>>
>> You can secure any HTTP based app or service with zero changes to the
>> proxied app.  You just specify the host port of the server and then
>> web.xml-like security constraints.  I was able to re-use everything we
>> had so far.  Undertow was insanely modular and already had everything I
>> needed to piece things together.
>>
>> Left to do?  Testing all constraint parameters, build a config parser
>> and format, and build a distro.  Should take 1 or 2 more days for all of
>> that.
>>
>> As a side effect, we now have a pure Undertow adapter.
> I thought I already refactored our Undertow adapter to be pure?
>
> This sounds way cool though.  I love stuff that doesn't require changes
> to the app.  At some point, I'd like to look into controlling this from
> the subystem.

I'm not sure running the proxy inside of Wildfly brings any value. 
Because of SSL, you'll probably only have one proxy server per domain 
you are proxying.  And the wildfly server would only be used as a proxy. 
  Overkill.



-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com


More information about the keycloak-dev mailing list