[undertow-dev] How to do custom authentication?

arjan tijms arjan.tijms at gmail.com
Thu Oct 16 08:36:56 EDT 2014


Hi,

On Thu, Oct 16, 2014 at 2:04 PM, Marc Boorshtein
<marc.boorshtein at tremolosecurity.com> wrote:
> Thanks everyone. So would the best approach be to use an HttpHandler to
> invoke a jaspic class or to invoke an undertow authentication class?

I'd personally say JASPIC. The advantage is that it's a standardized
SPI/API, which means it very likely won't suddenly change in a major
incompatible way between JBoss versions.

Also note that the HttpHandler (and before that a Valve) is not an
authentication class per se, but a general mechanism. Using an
HttpHandler though gives you access to some very low-level Undertow
mechanics, that you won't be able to access from higher level and more
general JASPIC authentication modules.

As a middle ground; I've seen a couple of JASPIC authentication
modules that cast the HttpServletRequest to a JBoss-specific one and
then did some things with it that the plain Servlet API doesn't allow,
and ones that were combined with a Valve (JBoss EAP 6 and before).

JBoss themselves have published 3 JASPIC authentication modules where
they use this hybrid approach, see e.g.
http://grepcode.com/file/repo1.maven.org/maven2/org.jboss.as/jboss-as-web/7.2.0.Final/org/jboss/as/web/security/jaspi/modules/HTTPBasicServerAuthModule.java?av=f

But I'd suggest starting with the plain JASPIC/Servlet APIs first and
only going JBoss specific when really needed.

Regards,
Arjan


>
> Thanks
> Marc
>
> On Oct 16, 2014 7:16 AM, "Tomaž Cerar" <tomaz.cerar at gmail.com> wrote:
>>
>>
>> On Thu, Oct 16, 2014 at 12:47 AM, Stuart Douglas <sdouglas at redhat.com>
>> wrote:
>>>
>>> The equivalent of a valve is a HttpHandler, you can wire them up
>>> programmatically via jboss-web.xml, something like:
>>
>>
>>
>> Or since upcoming wildfly 8.2 and 9 it is also possible as global
>> configuration in undertow subsystem
>>
>>  <host name="default-host" alias="localhost, some.host"
>> default-web-module="something.war">
>>             <location name="/" handler="welcome-content">
>>                 <filter-ref name="custom-filter"/>
>> ....
>>  </host>
>> ....
>>
>> <filters>
>>         <filter name="custom-filter"
>> class-name="io.undertow.server.handlers.HttpTraceHandler"
>> module="io.undertow.core" />
>>     </filters>
>>
>>
>