[security-dev] Replacing Seam RunAsOperation (impersonate)
Sean Flanigan
sflaniga at redhat.com
Mon Jul 13 01:31:36 EDT 2015
On 2015-07-10 22:27, Pedro Igor Silva wrote:
> Hey Sean,
>
> You are right, PL is missing that feature. It was planned but now the
> PL and KC are merging I'm not sure if we are going to implement it in
> PL.
Ah yes, thanks for reminding me about the Keycloak merger. Sounds like
that might make it all moot. I don't suppose it has an impersonation
feature similar to the one in Seam?
> Regarding your question, there is no easy way to specify your own
> Identity implementation. However, I'm wondering if you can use a
> custom CDI scope for that. PicketLink allows you to define a specific
> scope for the Identity bean.
So, some sort of short-lived scope for Identity, plus login via a dummy
Authenticator? That might work, although it sounds more complex than
what I had in mind for modifying Identity.getAccount() to use a
ThreadLocal (ugly though it sounds).
But how does one configure the Identity bean's scope? I found slides 6
and 9 of http://www.slideshare.net/pigorcraveiro/jud-con-2014. Is there
a compiled example anywhere?
Would it be possible to change IdentityBeanDefinition to allow more
customisation, eg for getBeanClass()?
Also, is there some way I can disable PicketLinkExtension, so that I can
replace it with one which uses a modified IdentityBeanDefinition?
>
> Regards.
> Pedro Igor
>
> ----- Original Message -----
> From: "Sean Flanigan" <sflaniga at redhat.com>
> To: security-dev at lists.jboss.org
> Sent: Friday, July 10, 2015 5:37:51 AM
> Subject: [security-dev] Replacing Seam RunAsOperation (impersonate)
>
> I was hoping I had missed an impersonation feature[1], but now I'm
> thinking there isn't one in PicketLink. Assuming I have to subclass and
> @Specialize org.picketlink.internal.DefaultIdentity, how would I go
> about convincing PicketLink to use my implementation?
>
> org.picketlink.extension.PicketLinkExtension seems to be vetoing my
> implementation. Is there some way of telling (or overriding)
> IdentityBeanDefinition to use my Identity bean class?
>
> [1] https://developer.jboss.org/thread/260993
>
> Regards,
>
> Sean.
>
--
Sean Flanigan
Principal Software Engineer
Globalisation Tools Engineering
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 213 bytes
Desc: OpenPGP digital signature
Url : http://lists.jboss.org/pipermail/security-dev/attachments/20150713/6aa3cb71/attachment.bin
More information about the security-dev
mailing list