[undertow-dev] Configure authentication mechanisms
Darran Lofthouse
darran.lofthouse at jboss.com
Thu Apr 25 03:19:48 EDT 2013
FYI - I have already started a thread discussing the configuration we
need to make available for authentication mechanisms and how we take
into account different aspects of a deployment including the auth method
in the web.xml.
On 24/04/13 23:43, Stuart Douglas wrote:
>
>
> Anil Saldhana wrote:
>> On 04/24/2013 04:33 PM, Anil Saldhana wrote:
>>> https://community.jboss.org/wiki/WildFlyWebContainerSecurityUseCases
>>>
>>> We use JBossWeb Valves/Authenticators in AS7/JBossWeb.
>>>
>>> Undertow currently just handles the standard mechanisms
>>> (gss,form,basic,client-cert,digest) via the LoginConfig construct.
>>> https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io/undertow/Undertow.java
>>>
>>> I am wondering if it is possible to update the builder API to change to
>>> overriden implementations of the mechanisms for example: FORM. In my
>>> case, the SAMLAuthenticationMechanism would be a subclass of
>>> FormAuthenticationMechanism.
>> I meant the builder api should allow customization of implementations of
>> the default mechanisms.
>> FORM-> AnilsGoryFormImplementation.
>>
>> Also the web.xml login config element is a string. Theoretically you
>> can configure the string to be
>> whatever you want.
>
> Yes, but the question is how to map that string to an authentication
> mechanism. Basically do we go the simple route and just use class names,
> exposing internal class names as a public API, or can we do something a
> bit nicer.
>
> Stuart
>
>>> I think Bill Burke has a similar use case where he would like to inject
>>> an OAuth driven Auth Mechanism.
>>>
>>> I guess as a start the builder api should be updated. Not sure how it
>>> should look.
>>>
>>>
>>> On 04/24/2013 04:04 PM, Stuart Douglas wrote:
>>>> If you are configuring Undertow programmatically you need to add a
>>>> io.undertow.security.handlers.AuthenticationMechanismsHandler to the
>>>> handler chain that has your authentication mechanism.
>>>>
>>>> Unfortunately we don't have a way of hooking this up into the Wildfly
>>>> config yet, although it will not be a very big job. Regarding config
>>>> options for AS7 there are a few possibilities:
>>>>
>>>> 1) Allow the user to specify the class name and module in JBoss Web to
>>>> configure per app, and same in standalone.xml for global authenticators.
>>>>
>>>> 2) Introduce a servlet loader based mechanism to allow mechanisms to be
>>>> loaded and associated with a simple name. This name could then be
>>>> specified in the web.xml login config. In the subsystem you could list
>>>> all the modules that you want to load authentication mechanisms from.
>>>> This has the advantage that internal class names do not leak out into
>>>> config.
>>>>
>>>> 3) Some other way??
>>>>
>>>> I am leaning towards option 2. I think it should be possible to get this
>>>> integrated into the next Undertow release early next week.
>>>>
>>>> Stuart
>>>>
>>>> Anil Saldhana wrote:
>>>>> Hi,
>>>>> I am trying to figure out how to set up the authentication mechanisms
>>>>> in undertow. If I write an authentication mechanism involving saml, how
>>>>> do I make the web apps using that mechanism.
>>>>>
>>>>> Any links to test cases.
>>>>>
>>>>> Regards,
>>>>> Anil
>>>>>
>> _______________________________________________
>> undertow-dev mailing list
>> undertow-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/undertow-dev
> _______________________________________________
> undertow-dev mailing list
> undertow-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/undertow-dev
>
More information about the undertow-dev
mailing list