[keycloak-dev] security proxy prototype

Bill Burke bburke at redhat.com
Tue Nov 25 14:55:31 EST 2014


I don't see the similarity to PL HTTP Security.  You use this when there 
is no Keycloak adapter for your environment (i.e. python, ruby, etc.). 
Take a look at our code [1] The proxy was ridiculously easy to implement 
and used our existing Undertow authentication plugin.

Using PL HTTP Security would be overkill, wouldn't work because the 
servlet API isn't used by Undertow's proxy impl, and would require me to 
write an adapter specific to the PL HTTP Security Auth SPI (which I'm 
not convinced can handle OAuth).

[1] https://github.com/keycloak/keycloak/tree/master/proxy


On 11/25/2014 2:15 PM, Pedro Igor Silva wrote:
> Bill,
>
>     Is not that similar with PicketLink's Http Security [1] ?
>
>     Of course, your work is providing that from outside the app. While in PicketLink you need the configuration in your app. But that can be easily changed.
>
> [1] http://docs.jboss.org/picketlink/2/latest/reference/html-single/#chap-Http_Security
>
> ----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: keycloak-dev at lists.jboss.org
> Sent: Friday, November 21, 2014 1:58:10 PM
> Subject: Re: [keycloak-dev] security proxy prototype
>
>
>
> On 11/21/2014 10:35 AM, Stan Silvert wrote:
>> On 11/21/2014 8:48 AM, Bill Burke wrote:
>>>
>>> On 11/21/2014 8:25 AM, Stan Silvert wrote:
>>>>> As a side effect, we now have a pure Undertow adapter.
>>>> I thought I already refactored our Undertow adapter to be pure?
>>>>
>>> I didn't see an adapter.  Just abstract classes.
>>>
>> Ah, you are right.  I got rid of the dependency on the Servlet API but I
>> never provided a concrete extension of UndertowKeycloakAuthMech.
>>
>> I've actually got one on my local box.  Should I add it to the Undertow
>> adapter?
>
> I already did it and already use it in the proxy.
>
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com


More information about the keycloak-dev mailing list