[undertow-dev] How to do custom authentication?
arjan tijms
arjan.tijms at gmail.com
Wed Oct 15 15:42:20 EDT 2014
Hi Marc,
>I know this isn't a JBoss list but my post on the JBoss forums isn't going anywhere so I thought I'd ask here. If someone could point me to an example (I usually start with an example of authenticating based on a username in a header) I'd really appreciate it.
If you're looking for custom authentication then there's a
standardized SPI/API for that: JASPIC. It's supported relatively well
by WildFly 8.x.
There's an example of building a simple module here:
http://www.trajano.net/2014/06/creating-a-simple-jaspic-auth-module
and somewhat more complex one by the same author here:
http://www.trajano.net/2014/07/oauth-2-0-jaspic-implementation
I've posted about the background of JASPIC here:
http://arjan-tijms.omnifaces.org/2012/11/implementing-container-authentication.html
and created several tests that demonstrate a variety of behaviors
here: https://github.com/javaee-samples/javaee7-samples/tree/master/jaspic
(see also https://github.com/javaee-samples/javaee7-samples/issues/243)
Another example can be found here: https://github.com/arjantijms/two-factor-sam
This should hopefully be enough to start with an example where you
authenticate based on a header.
Kind regards,
Arjan
On Wed, Oct 15, 2014 at 8:00 PM, Marc Boorshtein
<marc.boorshtein at tremolosecurity.com> wrote:
> Undertow team,
>
> I'm trying to integrate our integration with JBoss into Wildfy 8.x. Its a
> reverse proxy that generates a token in a header that is then decoded and
> the context is set. It works in JBoss 7.x using a combination of a Valve
> and a JAAS LoginModule but am struggling to figure out what the replacement
> of the Valve would be.
>
> Doing some googling I found
> http://undertow.io/documentation/core/security.html but it doesn't point out
> how to configure this without writing custom code to add mechanism to the
> chain. I found a stacktrace article about setting up a servlet extension
> that creates the mechanism, but I don't feel like thats the *best* solution.
> When I did the JBoss 7 integration I used PicketLink's SAML integration as
> an example but it looks like it isn't yet working for Wildfly 8.x and won't
> work until 9?
>
> I know this isn't a JBoss list but my post on the JBoss forums isn't going
> anywhere so I thought I'd ask here. If someone could point me to an example
> (I usually start with an example of authenticating based on a username in a
> header) I'd really appreciate it.
>
> Thanks
>
>
> Marc Boorshtein
> CTO Tremolo Security
> marc.boorshtein at tremolosecurity.com
>
>
> _______________________________________________
> undertow-dev mailing list
> undertow-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/undertow-dev
More information about the undertow-dev
mailing list