[undertow-dev] figuring out how to integration resteasy oauth
Darran Lofthouse
darran.lofthouse at jboss.com
Thu Aug 15 08:56:10 EDT 2013
I will put something together shortly for the mechanism overrides, I
previously proposed a solution to these lists a while back which
received quite a bit of support.
Overall mechanism overrides will either be possible using the subsystem
configuration or deployment specific configuration providing both ways
to set the mechanism for the app being deployed.
Regards,
Darran Lofthouse.
On 15/08/13 01:23, Bill Burke wrote:
> I'm looking at Undertow handlers and Auth mechanisms and trying to
> figure out how to port resteasy oauth. I need to be able to do the
> following
>
> 1. check a cookie to see if user is already logged in.
> 2. If not redirect to auth server
> 3. get a redirect back from auth server
> 4. make an HTTP request to server based on information from the request
> 5. Obtain a token from this request
> 6. Parse and validate the token to obtain user identity and role mappings
> 7. Propagate the identity and role mappings so other layers can do their
> thing (like role checks)
>
> I can do most of this within a AuthenticationMechanism. sendChallenge()
> would be used to send the redirect to the auth server. I think a custom
> IdentityManager is needed. This would accept a custom Credential. The
> Credential would have the identity and role mappings within it and the
> IdentityManager would allocate an Account based on this information.
>
> So, thats for Undertow....but I don't see any way to wire this all up
> for Wildfly. The IdentityManager is hardcoded to a JaaS one and I see
> no way of wiring up AuthenticationMechanisms. I see no other undertow
> specific config except for undertow-handlers.conf.
>
More information about the undertow-dev
mailing list