deltaspike-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pete Muir <pm...@redhat.com>
Subject Re: [jboss-rwp:82] Resource authentication
Date Thu, 05 Apr 2012 14:47:35 GMT
I would guess the work could be moved forward if we have a someone willing to work on it?

On 5 Apr 2012, at 15:14, Bruno Oliveira wrote:

> Hi folks, I would like share some thoughts about aerogear development and security.
> 
> I did some changes in aerogear-security (https://github.com/abstractj/aerogear-security/tree/deltaspike)
to integrate with DS 0.2. Our goal is to support REST resources authentication/authorization
and provide some abstraction like SecurityInterceptor aims to do.
> 
> The point is that SecurityInterceptor must be finished/implemented and we need some abstraction
instead of go straight to username/pwd (https://github.com/abstractj/incubator-deltaspike/blob/master/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authentication/LoginLogoutTest.java#L95)
> 
> As is today it might not make a lot of sense to force fit DS usage for REST resources,
or usr/pwd abstractions. This support is currently targeted for phase 3/4. What I'm thinking
is that I can prototype some of this support, completely based on DS implementation, and create
auth providers, and SecurityInterceptor with this functionality.
> 
> With this approach I can stay closely involved with DS, and work back updates, and patches.
This should also give some valuable real world experience for the use-case that we can discuss
as Phase 3,4 kicks off. I DO NOT want to create another security framework, it's just about
timing.
> 
> What do you think?
> 
> -- 
> 
> -- 
> "Know the rules well, so you can break them effectively" - Dalai Lama XIV
> -
> @abstractj
> -
> Volenti Nihil Difficile


Mime
View raw message