[undertow-dev] Undertow Security: PicketBox5
Anil Saldhana
Anil.Saldhana at redhat.com
Tue Nov 13 17:32:36 EST 2012
Hi All,
I was not aware of this mailing list until today.
3-4 months ago, we rewrote PicketBox5 to be a generic security framework.
https://docs.jboss.org/author/display/SECURITY/Java+Application+Security
https://github.com/picketbox/picketbox
We neither have JAAS stuff nor Servlet Security
(FORM,DIGEST,CLIENT-CERT,BASIC) tied to Tomcat Authenticators.
I am wondering if there is a scope for using PicketBox5 with Undertow.
Also there is no tie in into any containers in
PicketBox5.
The test cases that you may want to review:
https://github.com/picketbox/picketbox/tree/master/http/src/test/java/org/picketbox/test/authentication/http
Maybe Stefan from our side can help out. I would guess we can produce a
prototype branch with undertow + PBox5.
Regards,
Anil
PS: Feedback from *Jason Greene*: I'll let Stuart and Darran comment,
but my thinking is that we want to greatly limit the dependencies of
standalone undertow. Integration in AS is a different story though. I
would imagine this means some kind of SPI between undertow and the
container.
More information about the undertow-dev
mailing list