[jira] [Commented] (ISIS-3305) [DISCUSS] Re-platform on top of Spring security.
[ https://issues.apache.org/jira/browse/ISIS-3305?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17647897#comment-17647897 ]

Andi Huber commented on ISIS-3305:
----------------------------------

I imagine that we allow the above choices on top of the Spring Security stack, by offering corresponding (pre-configured) integrations. However, Devs do have the freedom to use their own.

> [DISCUSS] Re-platform on top of Spring security.
> ------------------------------------------------
>
> Key: ISIS-3305
> URL: https://issues.apache.org/jira/browse/ISIS-3305
> Project: Isis
> Issue Type: Task
> Affects Versions: 2.0.0-M9
> Reporter: Daniel Keir Haywood
> Priority: Major
> Fix For: 2.1.0
>
>
> as per [https://the-asf.slack.com/archives/CFC42LWBV/p1670661588201299]
>
> Andi's wish list of changes is:
> # drop Shiro support
> # drop Keycloak support
> # instead fully integrate with Spring Security
> # drop SudoService
> # instead provide impersonation via a specialized login page
> # drop Wicket's .../login, .../logout
> # instead provide simple replacements under /security/... central to the application (not using Wicket)
> Why? Focus on one security stack and do that integration well

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (ISIS-3305) [DISCUSS] Re-platform on top of Spring security.
[ https://issues.apache.org/jira/browse/ISIS-3305?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17647893#comment-17647893 ]

Andi Huber commented on ISIS-3305:
----------------------------------

From a developer perspective there should be a simplified decision process when selecting a security model for their application:

*A) Select your authenticator* (single choice):
* default (Spring autoconfigure)
* OAuth/OpenId
* Keycloak
* Bypass
* Apache Shiro (optional, if easy to migrate)

*B) Select your authorizor* (single choice):
* default (Spring autoconfigure)
* SecMan (could be autoconfigured, that is, if it's on the class-path, use it)
* Bypass
* Apache Shiro (optional, if easy to migrate)
[jira] [Commented] (ISIS-3305) [DISCUSS] Re-platform on top of Spring security.
[ https://issues.apache.org/jira/browse/ISIS-3305?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17645610#comment-17645610 ]

Andi Huber commented on ISIS-3305:
----------------------------------

Thanks for shedding some light on the greater picture behind our security stuff. You did answer quite a few questions I had. And I basically agree with your suggestions.

> [DISCUSS] Re-platform on top of Spring security.
> ------------------------------------------------
>
> Key: ISIS-3305
> URL: https://issues.apache.org/jira/browse/ISIS-3305
> Project: Isis
> Issue Type: Improvement
> Affects Versions: 2.0.0-M9
> Reporter: Daniel Keir Haywood
> Priority: Major
> Fix For: 2.1.0
>
>
> as per [https://the-asf.slack.com/archives/CFC42LWBV/p1670661588201299]
>
> Andi's wish list of changes is:
> # drop Shiro support
> # drop Keycloak support
> # instead fully integrate with Spring Security
> # drop SudoService
> # instead provide impersonation via a specialized login page
> # drop Wicket's .../login, .../logout
> # instead provide simple replacements under /security/... central to the application (not using Wicket)
> Why? Focus on one security stack and do that integration well
[jira] [Commented] (ISIS-3305) [DISCUSS] Re-platform on top of Spring security.
[ https://issues.apache.org/jira/browse/ISIS-3305?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17645609#comment-17645609 ]

Daniel Keir Haywood commented on ISIS-3305:
-------------------------------------------

re: (2) keycloak - as I say, today we do have a couple of classes that during login do claim/role/authority conversion, and for logout provide a callback for keycloak. This code could perhaps just be moved into our causeway-spring-security module, but there is some useful functionality there so it needs to reside somewhere.

And I am happy to maintain the docs rather than just refer folks to Baeldung, as it takes a while (for me at least) to piece together the parts, so having "our" procedure in one place is helpful (at least, I've found it to be helpful).
[jira] [Commented] (ISIS-3305) [DISCUSS] Re-platform on top of Spring security.
[ https://issues.apache.org/jira/browse/ISIS-3305?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17645608#comment-17645608 ]

Andi Huber commented on ISIS-3305:
----------------------------------

re: (2) dropping Keycloak support ...

Why provide this with Apache Causeway, if there is already a Spring Security integration for Keycloak? (Let Spring do the documentation)

https://www.baeldung.com/spring-boot-keycloak
[jira] [Commented] (ISIS-3305) [DISCUSS] Re-platform on top of Spring security.
[ https://issues.apache.org/jira/browse/ISIS-3305?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17645605#comment-17645605 ]

Daniel Keir Haywood commented on ISIS-3305:
-------------------------------------------

re: (1) for dropping Keycloak support ...

I don't think we want to do this, because actually our Keycloak support is really nothing more than docs on how to configure Spring Security's OAuth support.