[security-dev] Undertow / IdentityManager and Digest Authentication

Anil Saldhana asaldhan at redhat.com
Wed May 1 20:44:35 EDT 2013


Shane - you can add the API for this. But I would like to think about it further. I really do not like creds via IM interface.

On May 1, 2013, at 7:33 PM, Shane Bryzak <sbryzak at redhat.com> wrote:

> Bill, I'm going to concede defeat on this one, so congrats on a 
> well-fought victory ;)  The one saving grace with the IdentityManager is 
> that in an EE environment it is actually wrapped by a 
> SecuredIdentityManager, which allows for permission checks to be defined 
> for every single IDM operation.  With this in mind, it should be trivial 
> to implement a permission check for credential retrieval that restricts 
> it to only allow the reading of credentials for the currently 
> authenticated user (or whatever other permission logic the developer wants).
> 
> So, with that in mind I propose the following additional methods for 
> IdentityManager:
> 
>     <T extends CredentialStorage> T retrieveCurrentCredential(Agent agent, Class<T> storageClass);
>     <T extends CredentialStorage> List<T> retrieveCredentials(Agent agent, Class<T> storageClass);
> 
> These will essentially delegate to the underlying CredentialStore, and 
> if there is none (which will be the case in an LDAP-only configuration) 
> you'll get an OperationNotSupportedException.
> 
> Will this be sufficient for your requirements?
> 
> Shane
> _______________________________________________
> security-dev mailing list
> security-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/security-dev
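
The permission check described in the quoted message, sketched as an added example (not part of the original thread and not PicketLink code): a wrapper that only lets the currently authenticated user read their own stored credential. Every type here is a simplified stand-in; `CredentialReader`, `SecuredReader`, `StoreBackedReader`, `SimpleAgent` and `DigestStorage` are hypothetical names, and `UnsupportedOperationException` stands in for the `OperationNotSupportedException` mentioned above.

```java
import java.util.Map;
import java.util.function.Supplier;

public class SecuredCredentialLookup {
    // Stand-in types (assumptions), reduced to what the check needs.
    interface Agent { String getLoginName(); }
    interface CredentialStorage {}
    record SimpleAgent(String loginName) implements Agent {
        public String getLoginName() { return loginName; }
    }
    record DigestStorage(String value) implements CredentialStorage {}
    interface CredentialReader {
        <T extends CredentialStorage> T retrieveCurrentCredential(Agent agent, Class<T> storageClass);
    }
    // Delegates to a credential store; a null store models an LDAP-only configuration.
    static class StoreBackedReader implements CredentialReader {
        private final Map<String, CredentialStorage> store;
        StoreBackedReader(Map<String, CredentialStorage> store) { this.store = store; }
        public <T extends CredentialStorage> T retrieveCurrentCredential(Agent agent, Class<T> type) {
            if (store == null) throw new UnsupportedOperationException("no credential store configured");
            CredentialStorage c = store.get(agent.getLoginName());
            return type.isInstance(c) ? type.cast(c) : null;
        }
    }
    // Permission check: the caller may read credentials only for itself. Fails closed.
    static class SecuredReader implements CredentialReader {
        private final CredentialReader delegate;
        private final Supplier<Agent> currentUser;
        SecuredReader(CredentialReader delegate, Supplier<Agent> currentUser) {
            this.delegate = delegate; this.currentUser = currentUser;
        }
        public <T extends CredentialStorage> T retrieveCurrentCredential(Agent agent, Class<T> type) {
            Agent caller = currentUser.get();
            if (caller == null || !caller.getLoginName().equals(agent.getLoginName()))
                throw new SecurityException("credential read denied for " + agent.getLoginName());
            return delegate.retrieveCurrentCredential(agent, type);
        }
    }
    public static void main(String[] args) {
        Agent alice = new SimpleAgent("alice"), bob = new SimpleAgent("bob");
        // Constructed sample data.
        Map<String, CredentialStorage> store = Map.of(
            "alice", new DigestStorage("constructed-a"), "bob", new DigestStorage("constructed-b"));
        CredentialReader secured = new SecuredReader(new StoreBackedReader(store), () -> alice);
        System.out.println(secured.retrieveCurrentCredential(alice, DigestStorage.class));
        try { secured.retrieveCurrentCredential(bob, DigestStorage.class); }
        catch (SecurityException e) { System.out.println(e.getMessage()); }
        try { new SecuredReader(new StoreBackedReader(null), () -> alice)
                  .retrieveCurrentCredential(alice, DigestStorage.class); }
        catch (UnsupportedOperationException e) { System.out.println(e.getMessage()); }
    }
}
```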


