[security-dev] DeltaSpike, IDM, Authentication and Authorization

Pete Muir pmuir at redhat.com
Tue Jul 31 09:54:30 EDT 2012


On 30 Jul 2012, at 23:15, Shane Bryzak wrote:

> On 31/07/12 04:40, Bruno Oliveira wrote:
>> Hi, a few open questions inline.
>> On Friday, July 27, 2012 at 1:35 PM, Pete Muir wrote:
>> 
>>> 
>>> Authentication
>>> -------------------
>> Which IDM domain model should I use, picketlink idm or DeltaSpike? I might be wrong, but probably those entities belong to the IDM?

As Shane said, DS IDM is no more.

>>> https://github.com/apache/incubator-deltaspike/blob/5e4a7eb4de01004206f24ae22b9850e643bffe54/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/Identity.java
>>> 
>>> This contains methods to log in, log out, get the current user, and check if a user is logged in or not. In order to log in/log out, a LoginCredential is provided:
>> How do they fit together? 
>> 
>> -> https://github.com/picketlink/picketlink-idm/blob/master/picketlink-idm-api/src/main/java/org/picketlink/idm/api/Credential.java
>> 
>> -> https://github.com/apache/incubator-deltaspike/blob/5e4a7eb4de01004206f24ae22b9850e643bffe54/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/credential/Credential.java


>>> 
>>> https://github.com/apache/incubator-deltaspike/blob/5e4a7eb4de01004206f24ae22b9850e643bffe54/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/credential/LoginCredential.java
>>> 
>>> We also have a very basic representation of a user, which contains some unique identifier for the user:
>>> 
>>> https://github.com/apache/incubator-deltaspike/blob/5e4a7eb4de01004206f24ae22b9850e643bffe54/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/User.java
>>> 
>>> This isn't useful on its own of course, but would plug into whatever IDM solution you happen to use. In our case PicketLink IDM.
>> Why not make use of the same entity model from PicketLink IDM? https://github.com/picketlink/picketlink-idm/blob/master/picketlink-idm-api/src/main/java/org/picketlink/idm/api/User.java. Or create some level of abstraction like that.
>> 
>> How do I extend the User class to include a token and the email attribute?
> 
> All of this has been removed from DeltaSpike for now, and while the plan is to eventually add a simple authentication API (I'm not sure why we couldn't just use the one we already had) I don't think we can depend on this for now, so I'll be re-implementing all of it again in the PicketLink CDI module.

We should try to use the DS stuff if possible. Once 0.3 is out, let's push to get this added into DS.

If not, we do it in Picket, I agree.

> 
> Shane
> 
>> 
>> - Bruno



