jsr375-experts@javaee-security-spec.java.net

[jsr375-experts] Re: Remember me

From: arjan tijms <arjan.tijms_at_gmail.com>
Date: Sun, 17 Jan 2016 14:42:45 +0100

Hi,

Haven't gotten a response on the below yet, so I'll try to continue today
with the EL option. It's a draft proposal anyway and with the enormously
useful ELProcessor from EL 3.0 it should be almost trivial to implement.



On Tue, Jan 12, 2016 at 10:05 PM, arjan tijms <arjan.tijms_at_gmail.com> wrote:

> @RememberMe(
>     isRememberMe="#{testAuthenticationMechanism.isRememberMe}"
> )
> @RequestScoped
> @Named
> public class TestAuthenticationMechanism implements HttpAuthenticationMechanism
>
>
> or using an annotated method on the same type that has the @RememberMe:
>
> @RememberMe
> @RequestScoped
> public class TestAuthenticationMechanism implements HttpAuthenticationMechanism {
>
>     @IsRememberMe
>     public boolean isRememberMe() {
>         return true; // or do whatever custom logic is needed
>     }
>
>     // ...
> }
>
>
> Thoughts?
>
> Kind regards,
> Arjan Tijms
>
>
>
>
>
> On Tue, Jan 12, 2016 at 1:19 AM, arjan tijms <arjan.tijms_at_gmail.com>
> wrote:
>
>> Hi,
>>
>> I created a new issue here and linked it to the authentication mechanism
>> story. If you or anyone else thinks it's better to have this be its own
>> top-level story, I can change that of course.
>>
>> I hope to succeed in prototyping an initial version soon.
>>
>> Kind regards,
>> Arjan Tijms
>>
>>
>>
>> On Mon, Jan 11, 2016 at 7:18 AM, Werner Keil <werner.keil_at_gmail.com>
>> wrote:
>>
>>> Arjan,
>>>
>>> Thanks for the initiative.
>>> Would you create a new story for that in Jira?
>>>
>>> Cheers,
>>> Werner
>>> On 10.01.2016 at 22:00, "arjan tijms" <arjan.tijms_at_gmail.com> wrote:
>>>
>>>> Hi,
>>>>
>>>> One of the extra features that I was looking at for the initial EDR is
>>>> a "remember me" facility.
>>>>
>>>> "Remember me" means that a caller initially authenticates with normal
>>>> credentials, after which the container stores the authenticated identity
>>>> (name + roles) somewhere and sends back a cookie with a token.
>>>>
>>>> This facility is not entirely trivial and goes a little beyond the low
>>>> hanging fruit that Alex asked for. Still, I'd like to give it a shot, but
>>>> obviously this doesn't have the highest priority and I would be okay with
>>>> moving this to a later EDR.
>>>>
>>>> The design I was now thinking about involves the following:
>>>>
>>>> * An interceptor for the validateRequest and clearSubject methods
>>>> * A special type of IdentityStore that has additional
>>>> generateToken(String caller, List<String> groups) and
>>>> removeToken(String token) methods
>>>> * Some helper code for setting/clearing cookies
>>>>
>>>> It would be essentially like the AutoApplySession interceptor, but
>>>> using a user provided storage instead of the HTTP session. See
>>>> https://github.com/arjantijms/mechanism-to-store-x/blob/master/jsr375/src/main/java/org/glassfish/jsr375/cdi/AutoApplySessionInterceptor.java
>>>>
>>>> Thoughts?
>>>>
>>>> Kind regards,
>>>> Arjan Tijms
>>>>
>>>>
>>
>
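The remember-me design sketched in the first quoted message (a token generated and kept by a special IdentityStore, a cookie set by helper code, and the token removed again when clearSubject runs) as a stand-alone added example. This is not code from the thread or from JSR 375; the RememberMeTokenStore class, its generateToken/validateToken/removeToken methods, the in-memory map and the JREMEMBERMEID cookie name are assumptions chosen for illustration. The store keeps only a SHA-256 hash of each token, so a copy of the store does not yield usable cookies, every token carries an expiry, and the cookie is emitted with HttpOnly and Secure set.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

/**
 * Hypothetical in-memory "remember me" token store (an assumption for this
 * example, not JSR 375 API). It models the generateToken/removeToken methods
 * proposed in the thread and adds the validateToken lookup the interceptor
 * around validateRequest would need.
 */
public class RememberMeTokenStore {

    /** The authenticated identity the store keeps per token: name, groups, expiry. */
    public static final class Identity {
        public final String caller;
        public final List<String> groups;
        public final Instant expiresAt;

        Identity(String caller, List<String> groups, Instant expiresAt) {
            this.caller = caller;
            this.groups = groups;
            this.expiresAt = expiresAt;
        }
    }

    private static final SecureRandom RANDOM = new SecureRandom();
    // Keyed by the SHA-256 hash of the token, never by the token itself.
    private final Map<String, Identity> byTokenHash = new ConcurrentHashMap<>();
    private final Duration validity;

    public RememberMeTokenStore(Duration validity) {
        this.validity = validity;
    }

    /** Issues a fresh 256-bit random token; only its hash is stored, the plaintext goes into the cookie. */
    public String generateToken(String caller, List<String> groups) {
        byte[] raw = new byte[32];
        RANDOM.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        byTokenHash.put(hash(token), new Identity(caller, List.copyOf(groups), Instant.now().plus(validity)));
        return token;
    }

    /** Resolves a presented token to its identity; unknown or expired tokens are rejected (and purged). */
    public Optional<Identity> validateToken(String token) {
        String key = hash(token);
        Identity identity = byTokenHash.get(key);
        if (identity == null) {
            return Optional.empty();
        }
        if (Instant.now().isAfter(identity.expiresAt)) {
            byTokenHash.remove(key);
            return Optional.empty();
        }
        return Optional.of(identity);
    }

    /** What the clearSubject interceptor would call on logout. */
    public void removeToken(String token) {
        byTokenHash.remove(hash(token));
    }

    /** The Set-Cookie value the proposal's cookie helper would emit (cookie name is an assumption). */
    public static String cookieHeader(String name, String token, Duration maxAge) {
        return name + "=" + token + "; Max-Age=" + maxAge.getSeconds()
             + "; Path=/; HttpOnly; Secure; SameSite=Strict";
    }

    private static String hash(String token) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            byte[] digest = md.digest(token.getBytes(StandardCharsets.UTF_8));
            return Base64.getUrlEncoder().withoutPadding().encodeToString(digest);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 is mandatory in every JDK", e);
        }
    }

    public static void main(String[] args) {
        RememberMeTokenStore store = new RememberMeTokenStore(Duration.ofDays(14));
        // Constructed sample identity: caller "alice" in two groups.
        String token = store.generateToken("alice", List.of("user", "admin"));
        System.out.println("Set-Cookie: " + cookieHeader("JREMEMBERMEID", token, Duration.ofDays(14)));
        System.out.println("on next request: "
            + store.validateToken(token).map(i -> i.caller + " " + i.groups).orElse("not authenticated"));
        store.removeToken(token);
        System.out.println("after logout, token still valid: " + store.validateToken(token).isPresent());
    }
}
```

A real IdentityStore would back the map with a database or cache shared across nodes; the point that carries over is that the persisted column holds the hash, the cookie holds the random value, and logout deletes the row rather than relying on the cookie being cleared.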