[keycloak-dev] security proxy prototype
Pedro Igor Silva
psilva at redhat.com
Tue Nov 25 15:06:02 EST 2014
----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: "Pedro Igor Silva" <psilva at redhat.com>
> Cc: keycloak-dev at lists.jboss.org
> Sent: Tuesday, November 25, 2014 5:55:31 PM
> Subject: Re: [keycloak-dev] security proxy prototype
>
> I don't see the similarity to PL HTTP Security. You use this when there
> is no Keycloak adapter for your environment (i.e. python, ruby, etc.).
> Take a look at our code [1] The proxy was ridiculously easy to implement
> and used our existing Undertow authentication plugin.
>
> Using PL HTTP Security would be overkill, wouldn't work because the
> servlet API isn't used by Undertow's proxy impl, and would require me to
> write an adapter specific to the PL HTTP Security Auth SPI (which I'm
> not convinced can handle OAuth).
>
> [1] https://github.com/keycloak/keycloak/tree/master/proxy
>From a functional perspective they are similar. From an implementation perspective, yes, they are different. PL one is based on servlet api and that is a blocker for you.
I was just curious if the idea was the same. Protect paths based on certain constraints.
>
>
> On 11/25/2014 2:15 PM, Pedro Igor Silva wrote:
> > Bill,
> >
> > Is not that similar with PicketLink's Http Security [1] ?
> >
> > Of course, your work is providing that from outside the app. While in
> > PicketLink you need the configuration in your app. But that can be
> > easily changed.
> >
> > [1]
> > http://docs.jboss.org/picketlink/2/latest/reference/html-single/#chap-Http_Security
> >
> > ----- Original Message -----
> > From: "Bill Burke" <bburke at redhat.com>
> > To: keycloak-dev at lists.jboss.org
> > Sent: Friday, November 21, 2014 1:58:10 PM
> > Subject: Re: [keycloak-dev] security proxy prototype
> >
> >
> >
> > On 11/21/2014 10:35 AM, Stan Silvert wrote:
> >> On 11/21/2014 8:48 AM, Bill Burke wrote:
> >>>
> >>> On 11/21/2014 8:25 AM, Stan Silvert wrote:
> >>>>> As a side effect, we now have a pure Undertow adapter.
> >>>> I thought I already refactored our Undertow adapter to be pure?
> >>>>
> >>> I didn't see an adapter. Just abstract classes.
> >>>
> >> Ah, you are right. I got rid of the dependency on the Servlet API but I
> >> never provided a concrete extension of UndertowKeycloakAuthMech.
> >>
> >> I've actually got one on my local box. Should I add it to the Undertow
> >> adapter?
> >
> > I already did it and already use it in the proxy.
> >
> >
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
>
More information about the keycloak-dev
mailing list