users@javaee-security-spec.java.net

[javaee-security-spec users] [jsr375-experts] Re: Random code repo

From: arjan tijms <arjan.tijms_at_gmail.com>
Date: Mon, 16 Mar 2015 17:41:38 +0100

Hi,

On Mon, Mar 16, 2015 at 11:01 AM, David Blevins <dblevins_at_tomitribe.com>
wrote:

> Scoured the JIRAs in an attempt to pull out the code snippets used in all
> the JIRAs.
>

Nice, thanks! ;)


A while back I started an experimental project that contains a lot of
things that are basically prototypes for the Java EE security issues I
created or still intend to create: See http://omnisecurity.omnifaces.org

For example, here I tried out some code for a "remember me" function that
can work with all kinds of authentication mechanisms:

https://github.com/omnifaces/omnisecurity/blob/master/src/main/java/org/omnifaces/security/jaspic/wrappers/RememberMeWrapper.java


And this is a base class for HTTP authentication modules, that (IMHO)
greatly simplifies the existing very general interface:

https://github.com/omnifaces/omnisecurity/blob/master/src/main/java/org/omnifaces/security/jaspic/core/HttpServerAuthModule.java


Here's a stateless token authentication module which I showed before:

https://github.com/omnifaces/omnisecurity/blob/master/src/main/java/org/omnifaces/security/jaspic/authmodules/TokenAuthModule.java


Here's a utility method that makes it really easy to programmatically
register an auth module:

https://github.com/omnifaces/omnisecurity/blob/master/src/main/java/org/omnifaces/security/jaspic/core/Jaspic.java#L319


Here two simple authentication events and a base class for them:

https://github.com/omnifaces/omnisecurity/tree/master/src/main/java/org/omnifaces/security/events

etc etc

The overarching idea of this code is that it does not try to reinvent the
wheel, but provides ease of use abstractions on top of existing APIs.

Everything in this repo can be contributed to the security jsr if needed,
and re-licensed if needed (it currently uses Apache 2.0).

Kind regards,
Arjan Tijms
















>
> I do my best thinking in my editor rather than email. It's also
> significantly faster for me to use the IDE in presentations rather than
> pull code and put into slides.
>
> - https://github.com/dblevins/javaee-security-proposals
>
> Let me know your Github ID and I'll add you. Found a few of you already
> and added.
>
>
> Side note, I did grab the `javaee-security-spec` org on Github just to
> make sure someone in the EG had it.
>
> - https://github.com/javaee-security-spec
>
> Didn't open it up as I don't want to step on toes.
>
>
> --
> David Blevins
> http://twitter.com/dblevins
> http://www.tomitribe.com
> 310-633-3852
>
>