deltaspike-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bruno Oliveira <br...@abstractj.org>
Subject Resource authentication
Date Thu, 05 Apr 2012 14:14:25 GMT
Hi folks, I would like share some thoughts about aerogear development and
security.

I did some changes in aerogear-security (
https://github.com/abstractj/aerogear-security/tree/deltaspike) to
integrate with DS 0.2. Our goal is to support REST resources
authentication/authorization and provide some abstraction like
SecurityInterceptor aims to do.

The point is that SecurityInterceptor must be finished/implemented and we
need some abstraction instead of go straight to username/pwd (
https://github.com/abstractj/incubator-deltaspike/blob/master/deltaspike/modules/security/impl/src/test/java/org/apache/deltaspike/test/security/impl/authentication/LoginLogoutTest.java#L95
)

As is today it might not make a lot of sense to force fit DS usage for REST
resources, or usr/pwd abstractions. This support is currently targeted for
phase 3/4. What I'm thinking is that I can prototype some of this support,
completely based on DS implementation, and create auth providers, and
SecurityInterceptor with this functionality.

With this approach I can stay closely involved with DS, and work back
updates, and patches. This should also give some valuable real world
experience for the use-case that we can discuss as Phase 3,4 kicks off. I
DO NOT want to create another security framework, it's just about timing.

What do you think?

-- 

-- 
"Know the rules well, so you can break them effectively" - Dalai Lama XIV
-
@abstractj
-
Volenti Nihil Difficile

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message