users@javaee-security-spec.java.net

[javaee-security-spec users] [jsr375-experts] Re: Startup initialization idea

From: Adam Bien <abien_at_adam-bien.com>
Date: Mon, 20 Apr 2015 06:52:28 +0200

Hi Arjan,

Thanks!

with the @Stereotype + @Alternative combination we could even boot all classes related with a given authentication mechanism at once.

I will play a bit with the programmatic approach and start with an injectable Registry first,

cheers,

adam
> On 19.04.2015, at 19:32, arjan tijms <arjan.tijms_at_gmail.com> wrote:
>
> Hi,
>
> Looks awesome!
>
> Didn't yet study the code in detail, but the declarative approach is
> indeed what should work best. Programmatic should be possible too, but
> I think less people would want to use that (compare Servlet spec,
> which has declarative annotations, declarative XML, and a programmatic
> API to say register Servlets or Filters).
>
> It should be a small step to make the ServerAuthModule implementation
> a bean itself too. I.e.a runtime provided non-bean version can simply
> obtain a bean version from the bean manager and delegate every method
> to that 1:1.
>
> Kind regards,
> Arjan
>
>
>
>
> On Sun, Apr 19, 2015 at 10:32 AM, Adam Bien <abien_at_adam-bien.com> wrote:
>> Hi *,
>>
>> I was able to move the JASPIC initialization from application code into the SPI (org.omnifaces in our case) relying on lazy injection of authorization modules.
>>
>>
>> @Inject
>> Instance<ServerAuthModule> authModule;
>>
>> Two stereotypes: https://github.com/AdamBien/secspike/tree/master/todo/src/main/java/javax/annotation/security are marking the marking the corresponding module. This decouples the application code from SPI.
>>
>> To choose the authentication method, the application will have to choose the appropriate annotation in beans.xml:
>>
>> <beans xmlns="http://xmlns.jcp.org/xml/ns/javaee"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>> xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/beans_1_1.xsd"
>> bean-discovery-mode="all">
>> <alternatives>
>> <!--
>> <stereotype>javax.annotation.security.TokenAuthentication</stereotype>
>> -->
>> <stereotype>javax.annotation.security.BasicAuthentication</stereotype>
>> </alternatives>
>> </beans>
>>
>> The code works on GF 4.1.
>>
>> Any feedback is welcome!
>>
>> cheers,
>>
>> adam
>>
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.