[undertow-dev] CAS / OAuth / OpenID / HTTP / SAML client protocol support?

Michaël REMOND michaelremond at gmail.com
Wed Oct 29 05:28:53 EDT 2014


Hello,

I make a follow-up on this thread as I received no feedback on my pac4j
binding proposal.

Are you interested in this authentication library? Can we improve its
design?

Thank you for your help

Regards,
Michaël

2014-05-27 20:02 GMT+02:00 Michaël REMOND <michaelremond at gmail.com>:

> Hello dear Community,
>
> I made a first draft of what could be a pac4j binding for Undertow. You
> can find our standard demo application here
> https://github.com/pac4j/undertow-pac4j-demo. You can test several
> different authentication providers (facebook, twitter, form, CAS, SAML...).
>
> I'd like to share some implementation details with you:
>  - I implemented a new AuthenticationMechanism delegating the
> authentication to a pac4j client; so this mechanism is rather "generic" in
> regards to what you got in undertow (one for basic auth, one for form...)
>  - pac4j needs a session mechanism so I used the Undertow SessionManager
> to store some attributes but also the User Profile once the user is
> successfully authenticated
>  - pac4j also needs a callback url to finish the authentication process so
> I developped a dedicated handler
>  - finally I used the EagerFormParsingHandler to grab the required POSTed
> data
>
> To conclude I have to say I really appreciated the maturity of the
> framework because it was pretty straightforward to play with all the
> concepts and the ability to change from the IO thread to the dispatcher is
> really powerfull.
>
> Jérôme and I are really interrested to get your feedback on this work.
> Does this binding makes sense to you? How can we improve this work to fit
> perfectly in Undertow and how can we extract a viable library from the demo?
>
> Thank you for your help,
>
> Regards,
> Michaël
>
>
>
> 2014-05-13 15:01 GMT+02:00 Stuart Douglas <sdouglas at redhat.com>:
>
>> This does sound pretty cool. I would start by looking at the existing
>> authenticator implementations and the security docs at
>>
>> http://undertow.io/documentation/core/security.html
>>
>> Stuart
>>
>> Michaël REMOND wrote:
>>
>>> Hi,
>>>
>>> I currently contribute to a Java library from Jerome Leleu, able to
>>> protect applications and delegate authentications to various identity
>>> providers. It currently supports 5 different protocols: CAS, OAuth,
>>> OpenID, HTTP and SAML and 18 identity providers (Facebook, Twitter,
>>> Google, Yahoo...) through a very simple and unified API accross
>>> protocols/JVM frameworks: https://github.com/leleuj/pac4j.
>>>
>>> The pac4j librairies are used in various JVM frameworks with the
>>> appropriate implementations: Spring Security, Shiro, CAS, J2E and Play.
>>> Although the core pac4j librairies gathers "a lot of" code (300 classes,
>>> 26000 lines of source code), the implementations to specific JVM
>>> frameworks are pretty straigtforward: from 4 classes for Spring Security
>>> to 11 classes for Play Framework 2.x.
>>>
>>> We are currently targeting new plateforms and especially async one; we
>>> got an implementation from ratpack (http://www.ratpack.io/) and we
>>> discussed also with the guys from vert.x. They gave us some ideas in
>>> order to improve our library by becoming more "reactive".
>>>
>>> I think that pac4j could be helpful for the Undertow community too by
>>> bringing client multi-protocols support.
>>>
>>> I looked at the security model from Undertow and I start to think about
>>> a possible integration by developing a "Pac4jAuthenticationMechanism".
>>>
>>> What do you think about such development? Are you interested in a demo
>>> app showing how this could work? Do you have suggestions?
>>>
>>> Thanks.
>>> Best regards,
>>> Michael Remond
>>>
>>> _______________________________________________
>>> undertow-dev mailing list
>>> undertow-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/undertow-dev
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/undertow-dev/attachments/20141029/a197f17a/attachment.html 


More information about the undertow-dev mailing list