[undertow-dev] Undertow Security: PicketBox5

[Dimitris Andreadis]

What are the security requirements of Undertow?

That would help Anil explain if Picketbox fits in or not.

On 13/11/2012 23:40, David M. Lloyd wrote:
> On 11/13/2012 04:32 PM, Anil Saldhana wrote:
>> Hi All,
>>      I was not aware of this mailing list until today.
>>
>> 3-4 months ago, we rewrote PicketBox5 to be a generic security framework.
>> https://docs.jboss.org/author/display/SECURITY/Java+Application+Security
>> https://github.com/picketbox/picketbox
>>
>> We neither have JAAS stuff nor Servlet Security
>> (FORM,DIGEST,CLIENT-CERT,BASIC) tied to Tomcat Authenticators.
>> I am wondering if there is a scope for using PicketBox5 with Undertow.
>> Also there is no tie in into any containers in
>> PicketBox5.
>
> In a word: why?
>
> What does PicketBox provide that Undertow needs?  I'd be highly
> skeptical unless it's clear what requirements were fed *into* PicketBox
> to begin with.  We know what we need; the burden of justification lies
> on you in this case.
>
>> The test cases that you may want to review:
>> https://github.com/picketbox/picketbox/tree/master/http/src/test/java/org/picketbox/test/authentication/http
>>
>> Maybe Stefan from our side can help out.  I would guess we can produce a
>> prototype branch with undertow + PBox5.
>>
>> Regards,
>> Anil
>>
>> PS: Feedback from *Jason Greene*: I'll let Stuart and Darran comment,
>> but my thinking is that we want to greatly limit the dependencies of
>> standalone undertow. Integration in AS is a different story though. I
>> would imagine this means some kind of SPI between undertow and the
>> container.
>> _______________________________________________
>> undertow-dev mailing list
>> undertow-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/undertow-dev
>>
>
>

-- 
xxxxxxxxxxxxxxxxxxxxxxxxxxxx
Dimitris Andreadis
Software Engineering Manager
JBoss Application Server
by Red Hat
xxxxxxxxxxxxxxxxxxxxxxxxxxxx

http://dandreadis.blogspot.com/