users@javaee-security-spec.java.net

[javaee-security-spec users] [jsr375-experts] Re: Working example app demonstrating identity store usage

From: arjan tijms <arjan.tijms_at_gmail.com>
Date: Mon, 26 Oct 2015 12:05:18 +0100

Hi,

On Sun, Oct 25, 2015 at 2:50 AM, Alex Kosowski <alex.kosowski_at_oracle.com>
wrote:

> Perhaps the standard Identity Store "implementations" should really be
> defined just as interfaces and not as classes. We could then declare
> configuration of the standard implementations via annotation (e.g.,
> DatabaseIdentityStoreDefinition, LdapIdentityStoreDefinition,
> JaasIdentityStoreDefinition, JsonFileIdentityStoreDefinition) or via
> deployment descriptor, following your example with
> EmbeddedIdentityStoreDefinition.
>
Indeed. We have to experiment a little to see what works best. There are
multiple options here. The standard identity store implementations can
either be fully vendor specific and only implement IdentityStore, or we can
define an additional interface for them so developers can (optionally) do
some limited interaction with them beyond just calling the validate()
method.


> Perhaps you would provide an example of using the @CredentialCapable(
> UsernamePasswordCredential.class) qualifier? Also, perhaps you would have
> an example of extending a standard identity store with a custom defined one
> to support a custom defined credential?


Great suggestions, I'll look into making a second example that contains
more cases such as these.

I was currently looking at a demo implementation for the
DatabaseIdentityStoreDefinition, but ran into a bug with GlassFish where
the java:app and java:module namespaces temporarily disappear when the
lookup takes place from a SAM (see
https://java.net/jira/browse/GLASSFISH-21447). Ron Monzillo has already
replied that GlassFish should support this and I was debugging a little to
see what the culprit is.

> That example app is terrific! I would like to demonstrate it during the
> JavaOne JSR 375 BOF. The app does not look like much, but when you realize
> the caller was authenticated using data from an annotation, you realize how
> these simple standardizations will make a BIG impact.

Thanks! :) The app indeed looks as bare as can be, just to have the minimal
amount of code that shows the actual authentication process taking place.

For a bigger/more complete demo I'd like to include somewhat more
sophisticated SAMs, such as the BASIC and Header ones I showed earlier. We
have not yet discussed let alone decided if it's going to be Servlet that
will ship a few standardised SAMs, or whether JSR 375 will do that. If it's
Servlet the activation/selection via an annotation may not be CDI based.
For the prototype I'll have to see how to deal with this uncertainty.

Kind regards,
Arjan Tijms