[security-dev] Undertow IDM

Bill Burke bburke at redhat.com
Fri Apr 26 07:50:20 EDT 2013



On 4/25/2013 7:44 PM, Stuart Douglas wrote:
>
>
> Bill Burke wrote:
>> Does Undertow give you some API so that you can get at the guts of a
>> SecurityContext? Basically the principal and its role mappings?
>
> Not directly, the principal and roles are determined by the relevant
> methods on the Account interface. Basically your auth mechanism could
> potentially just skip the IdentityManager entirely, and simply return
> its own account with whatever principal and roles you want.
>

That works for my bearer token auth, but not the interface that actually 
builds the token.  Looks like the Account interface just has role 
checks, not the ability to know principal and roles.

>>
>> I really need to port my SSO/OAuth stuff to Undertow. I hope you're
>> still up for suggestions and API changes. But what I care most about is
>> that Undertow doesn't make it impossible to add these capabilities or
>> put undue configuration complexities that don't exist in the AS7 version
>> of this functionality.
>
> Darran started a thread about the configuration on undertow-dev a while
> back ("Web Application - Security Mechanism Selection"). The security
> API is not set in stone, if there are things that you need that we don't
> provide feel free to start a discussion on undertow-dev about it.
>

Ya, I'll get back to you guys.


-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

