Update: I’ve started the implementation of the FormAuthenticationMechanism. It is not as easy as it sounds, since it requires some conversation chat across requests. I thought about wrapping all the logic and using the Tomcat FormAuthenticator, since it does exactly what we need. Unfortunately, it is too tied to the Tomcat code and it would require instantiating a lot of Tomcat objects to be able to use it. I’m not sure if it would be worth it. I ended up following the spec suggestion to use a CDI interceptor and I’m copying / reusing some pieces of the FormAuthentication when possible.
PR updated: https://github.com/apache/tomee/pull/277

Cheers,
Roberto

> On 26 Dec 2018, at 22:11, Roberto Cortez <radcor...@yahoo.com.INVALID> wrote:
>
> Hi folks,
>
> I’ve updated the PR with new changes:
>
> - I’ve implemented a CDI Extension to create AuthenticationMechanism beans
>   and a CDI class to keep track of the mapping between the authentication
>   mechanism and the servlet that should be checked. When a Servlet is
>   executed the mapping is checked and if there is an associated
>   AuthenticationMechanism, we validate the request with the associated type
>   (Basic, Form, etc).
>
> - Implemented the BasicAuthenticationMechanism and all the plumbing required
>   to be executed. This required an HttpMessageContext to pass information
>   around, plus store some state to make decisions on things to do, including
>   the CallbackHandler to pass in additional Callbacks to create the Principal
>   and Groups
>
> - A default IdentityStore, using the Tomcat UserDatabase, that reads user
>   data from tomcat-users.xml
>
> I’ll probably move to implement the missing AuthenticationMechanisms (FORM
> and Custom) next.
>
> Any feedback, always welcomed :)
>
> Cheers,
> Roberto
>
>> On 19 Dec 2018, at 10:00, Bruno Baptista <bruno...@gmail.com> wrote:
>>
>> TomEE Security works for me.
>>
>> Bruno Baptista
>> https://twitter.com/brunobat_
>>
>> On 19/12/18 00:20, Roberto Cortez wrote:
>>> Hi folks,
>>>
>>> Work is progressing.
>>>
>>> I’ve added a good chunk of the API (as needed) to allow me to proceed. I’ve
>>> tried to use the Jakarta Security API jar. Unfortunately, it is full of
>>> dependencies to the other Jakarta dependent projects, some not in central
>>> yet, so I couldn’t even build the project.
>>>
>>> At the moment, I’ve added the structure to register a JASPIC provider to
>>> serve as a bridge to the Security implementation code. With a CDI extension,
>>> we can register the required AuthenticationMechanisms and then look them up
>>> to delegate the authentication code.
>>>
>>> I’ve also written a default IdentityStoreHandler to validate user credentials
>>> and retrieve user groups. This is just going through the container
>>> registered IdentityStores and using the spec rules to identify the
>>> credentials.
>>>
>>> Right now, I’m just calling this TomEE Security. If someone has a more
>>> fancy idea for a name, feel free to suggest it :)
>>>
>>> Cheers,
>>> Roberto
>>>
>>>> On 14 Dec 2018, at 23:44, Roberto Cortez <radcor...@yahoo.com.INVALID>
>>>> wrote:
>>>>
>>>> Hi folks,
>>>>
>>>> I’ve now created a PR to push the work:
>>>> https://github.com/apache/tomee/pull/277
>>>>
>>>> It is still in the early stages. I’ve just spent a good amount of time
>>>> trying to understand the spec. The idea here is that with a
>>>> ServerAuthModule we could verify each of the spec authentication
>>>> mechanisms that will be implemented with a CDI Bean and use a CDI
>>>> Extension to create the bean depending on the annotation you use.
>>>>
>>>> Cheers,
>>>> Roberto
>>>>
>>>>> On 13 Dec 2018, at 16:06, Roberto Cortez <radcor...@yahoo.com.INVALID>
>>>>> wrote:
>>>>>
>>>>> Hi folks,
>>>>>
>>>>> I’ve created https://jira.apache.org/jira/browse/TOMEE-2365 to implement
>>>>> the Java EE Security API that came up in EE 8. We are missing this spec
>>>>> implementation, and until we have it we cannot even say we are EE 8
>>>>> compatible.
>>>>>
>>>>> I plan to start working on this. If anyone wants to collaborate with me,
>>>>> let me know.
>>>>>
>>>>> Cheers,
>>>>> Roberto