[undertow-dev] Configure authentication mechanisms

Stuart Douglas sdouglas at redhat.com
Wed Apr 24 18:43:37 EDT 2013



Anil Saldhana wrote:
> On 04/24/2013 04:33 PM, Anil Saldhana wrote:
>> https://community.jboss.org/wiki/WildFlyWebContainerSecurityUseCases
>>
>> We use JBossWeb Valves/Authenticators in AS7/JBossWeb.
>>
>> Undertow currently just handles the standard mechanisms
>> (gss,form,basic,client-cert,digest) via the LoginConfig construct.
>> https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io/undertow/Undertow.java
>>
>> I am wondering if it is possible to update the builder API to change to
>> overridden implementations of the mechanisms for example: FORM.  In my
>> case, the SAMLAuthenticationMechanism would be a subclass of
>> FormAuthenticationMechanism.
> I meant the builder api should allow customization of implementations of
> the default mechanisms.
> FORM->  AnilsGoryFormImplementation.
>
> Also the web.xml login config element is a string.  Theoretically you
> can configure the string to be
> whatever you want.

Yes, but the question is how to map that string to an authentication 
mechanism. Basically do we go the simple route and just use class names, 
exposing internal class names as a public API, or can we do something a 
bit nicer.

Stuart

>> I think Bill Burke has a similar use case where he would like to inject
>> an OAuth driven Auth Mechanism.
>>
>> I guess as a start the builder api should be updated.  Not sure how it
>> should look.
>>
>>
>> On 04/24/2013 04:04 PM, Stuart Douglas wrote:
>>> If you are configuring Undertow programmatically you need to add a
>>> io.undertow.security.handlers.AuthenticationMechanismsHandler to the
>>> handler chain that has your authentication mechanism.
>>>
>>> Unfortunately we don't have a way of hooking this up into the WildFly
>>> config yet, although it will not be a very big job. Regarding config
>>> options for AS7 there are a few possibilities:
>>>
>>> 1) Allow the user to specify the class name and module in JBoss Web to
>>> configure per app, and same in standalone.xml for global authenticators.
>>>
>>> 2) Introduce a servlet loader based mechanism to allow mechanisms to be
>>> loaded and associated with a simple name. This name could then be
>>> specified in the web.xml login config. In the subsystem you could list
>>> all the modules that you want to load authentication mechanisms from.
>>> This has the advantage that internal class names do not leak out into
>>> config.
>>>
>>> 3) Some other way??
>>>
>>> I am leaning towards option 2. I think it should be possible to get this
>>> integrated into the next Undertow release early next week.
>>>
>>> Stuart
>>>
>>> Anil Saldhana wrote:
>>>> Hi,
>>>> I am trying to figure out how to set up the authentication mechanisms
>>>> in undertow. If I write an authentication mechanism involving saml, how
>>>> do I make the web apps use that mechanism?
>>>>
>>>> Any links to test cases?
>>>>
>>>> Regards,
>>>> Anil
>>>>
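
Added example, not part of the original thread and not Undertow or WildFly code: a sketch of option 2 above, where the web.xml auth-method string is looked up in a registry of simple names filled through java.util.ServiceLoader rather than being loaded as a class name. The Mechanism and MechanismFactory interfaces, the Registry class and the sample names are hypothetical.

```java
import java.util.Locale;
import java.util.Map;
import java.util.ServiceLoader;
import java.util.concurrent.ConcurrentHashMap;

public class MechanismRegistryDemo {
    /** Hypothetical stand-in for an authentication mechanism. */
    public interface Mechanism { String describe(); }

    /** Hypothetical SPI; providers would be listed in META-INF/services of each module. */
    public interface MechanismFactory {
        String name();        // simple name used as the web.xml auth-method
        Mechanism create();
    }

    static final class Registry {
        private final Map<String, MechanismFactory> byName = new ConcurrentHashMap<>();

        /** Discover factories only from a module that the subsystem config lists. */
        void loadFrom(ClassLoader listedModule) {
            for (MechanismFactory f : ServiceLoader.load(MechanismFactory.class, listedModule)) register(f);
        }

        /** Reject duplicates so a later module cannot silently replace FORM or BASIC. */
        void register(MechanismFactory f) {
            String key = f.name().trim().toUpperCase(Locale.ROOT);
            if (byName.putIfAbsent(key, f) != null) throw new IllegalStateException("duplicate mechanism " + key);
        }

        /** Unknown names fail the deployment; the string is never treated as a class name. */
        Mechanism resolve(String authMethod) {
            MechanismFactory f = byName.get(authMethod.trim().toUpperCase(Locale.ROOT));
            if (f == null) throw new IllegalArgumentException("unknown auth-method " + authMethod);
            return f.create();
        }
    }

    static MechanismFactory factory(String name) {   // constructed sample providers
        return new MechanismFactory() {
            public String name() { return name; }
            public Mechanism create() { return () -> name + " mechanism"; }
        };
    }

    public static void main(String[] args) {
        Registry registry = new Registry();
        registry.loadFrom(MechanismRegistryDemo.class.getClassLoader()); // no providers in this demo
        registry.register(factory("FORM"));
        registry.register(factory("SAML"));
        System.out.println(registry.resolve("saml").describe());
        try { registry.resolve("org.example.SomeInternalClass"); }
        catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Because resolution is a map lookup, an application's web.xml can only select mechanisms from modules the administrator listed, and a class name placed in the auth-method string is rejected rather than instantiated.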

