[resteasy-dev] Rest Easy Authentication Trigger

Darran Lofthouse darran.lofthouse at jboss.com
Tue Nov 5 06:13:10 EST 2019


Ok thank you.

I think I will speak to you more once I have this initial MicroProfile JWT
integration complete.  One of the motivations of MP-JWT is the ability to
add an annotation to the Application to activate the mechanism whilst
avoiding the need to edit the web.xml.  However two updates are still
required to the web.xml to make authentication mandatory (which is
restricted to being path based) and to enable access control.

Those remaining two point I think we can discuss but it may also be worth
raising in the MicroProfile group to see if there is interest in getting
the behaviour spec defined.

Regards,
Darran Lofthouse.


On Tue, Nov 5, 2019 at 12:40 AM Ron Sigal <rsigal at redhat.com> wrote:

> I haven't interacted with that piece of RESTEasy. Purely Bill Burke, I
> would think.
> On 11/4/19 4:37 PM, Alessio Soldano wrote:
>
> Hi Darran,
>
> On Fri, Nov 1, 2019 at 7:16 PM Darran Lofthouse <
> darran.lofthouse at jboss.com> wrote:
>
>> I have found the following that answers my question: -
>>
>>
>> https://docs.jboss.org/resteasy/docs/4.4.0.Final/userguide/html/Securing_JAX-RS_and_RESTeasy.html
>>
>> So overall I both need to switch on support for the annotations AND
>> configure a path based security constraint in the web.xml to trigger
>> authentication.
>>
>> Have there been any discussions on looking into this further?  It seems
>> plausible that authentication could be triggered in the event a role is
>> required if authentication has not already been performed: -
>>
> No discussion here recently AFAIR. Maybe Ron remembers anything?
> I'm fine evaluating possible RFE anyway.
> Thanks
>
>
>
>>
>>
>> https://javaee.github.io/javaee-spec/javadocs/javax/servlet/http/HttpServletRequest.html#authenticate-javax.servlet.http.HttpServletResponse-
>>
>> Regards,
>> Darran Lofthouse.
>>
>> On Fri, Nov 1, 2019 at 5:23 PM Darran Lofthouse <
>> darran.lofthouse at jboss.com> wrote:
>>
>>> Hello,
>>>
>>> I am presently in the process of adding MicroProfile JWT support to
>>> WildFly, most of the code to activate this is now ready but I just wanted
>>> to ask for some pointers as to how RestEasy triggers the need for
>>> authentication for a request?
>>>
>>> I have a deployed endpoint annotated with @RolesAllowed, I am about to
>>> attach a debugger and look into the call in more detail but thought I would
>>> ask here as well if there are any pointers.
>>>
>>> Regards,
>>> Darran Lofthouse.
>>>
>>> _______________________________________________
>> resteasy-dev mailing list
>> resteasy-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/resteasy-dev
>>
>
>
> --
>
> Alessio Soldano
>
> Associate Manager, Software Engineering
>
> Red Hat <https://www.redhat.com>
> <https://www.redhat.com>
>
> _______________________________________________
> resteasy-dev mailing listresteasy-dev at lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/resteasy-dev
>
> _______________________________________________
> resteasy-dev mailing list
> resteasy-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/resteasy-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/resteasy-dev/attachments/20191105/be29d909/attachment-0001.html 


More information about the resteasy-dev mailing list