+1 to pac4j, and specifically dropwizard-pac4j <https://github.com/pac4j/dropwizard-pac4j>. It should be able to do whatever you want.
On Mon, Dec 12, 2016 at 3:26 PM, Shan Syed <[email protected]> wrote: > check this out http://www.pac4j.org/ > > On Mon, Dec 12, 2016 at 6:12 PM, Rob <[email protected]> wrote: > >> I am taking a fresh look at how to best handle authorization and >> authentication in Dropwizard today. I think it would be a very helpful >> conversation for all of us if we could share what we're using for authn and >> authz, and what we feel would be the simplest/best/etc approach today. >> >> Here's my personal take on the requirements are for a modern authn and >> authz solution: >> >> 1) As few external dependencies as possible - e.g. no dependency on >> external service, such as KeyCloak, Auth0, etc. Should be able to use the >> app's database as the identity provider for users and role/permissions. >> >> 2) Simplicity - many security libraries try to handle every protocol or >> standard, and end up being hard to configure and troubleshoot. >> >> 3) Works cleanly with both indirect clients (views; web form-based login) >> and direct clients (APIs). Example use case: a view rendered server-side >> has some JS that fetches data from a resource. >> >> 4) Simple role and/or permission based access control. >> >> 5) User can optionally authenticate via Facebook, Google, etc. >> >> 6) If an account needs to be de-activated, user can be logged out across >> all devices/sessions within minutes. >> >> 7) The project is actively maintained and updated. >> >> Bonus: in theory stateless sessions would be nice option to have - >> although there are probably too many drawbacks to make the complexity worth >> it (e.g. JWT with short-lived access tokens and long-lived refresh tokens). >> >> I don't think there's any Java solution out there that meets the >> requirements above, but I'd love to hear if anyone has gotten close. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "dropwizard-user" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/d/optout. >> > > -- > You received this message because you are subscribed to the Google Groups > "dropwizard-user" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- Evan Meagher -- You received this message because you are subscribed to the Google Groups "dropwizard-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
