users@javaee-security-spec.java.net

[javaee-security-spec users] [jsr375-experts] Re: Devoxx BE feedback

From: arjan tijms <arjan.tijms_at_gmail.com>
Date: Tue, 24 Nov 2015 15:23:42 +0100

Hi,

On Tue, Nov 24, 2015 at 2:43 PM, Werner Keil <werner.keil_at_gmail.com> wrote:

> Thanks, will give it a try in Glassfish or JBoss/Wildfly then.
> Is there something preventing it from being either forked in the JSR 375
> orga or contributed to its samples, i.e. covering more than just one JSR?
>

Nope, not really. It can be put into the JSR 375 repo, but since that was
one big module and this is a standalone application I figured it was easier
to put it in my own repo first.

Other small thing was that the JSR 375 repo started to become a bit
unorganized, so I was a tad hesitant to put even more stuff there. Maybe
we'd want at least a top level "authentication" and "authorization", and
then under "authentication" the folders "identity_store" and
"authentication_mechanism", etc. I.e. basically following the big epics
that Alex created and used in his presentation.

Perhaps some distinction between API examples only, and actual working
applications?

And perhaps also an entirely separate repo, or a folder again, to
distinguish between things that are pure brain storming, and things that
are actually relatively close to what's been discussed and has been agreed
upon?

Terminology is still a bit of an issue too in the existing repo. Many
examples still use different names for essentially the same things, so it's
hard to see at first glance if they are about "identity stores" or about
"authentication mechanisms". I guess I could start with changing some of
the terminology in the existing repo if that's okay with everyone?

Kind regards,
Arjan Tijms
>
> Regards,
> Werner
>
>
>
> On Tue, Nov 24, 2015 at 2:34 PM, arjan tijms <arjan.tijms_at_gmail.com>
> wrote:
>
>> Hi,
>>
>> On Tue, Nov 24, 2015 at 2:14 PM, Werner Keil <werner.keil_at_gmail.com>
>> wrote:
>>
>>> Still might have to look at the DevoXX video, but just a quick question,
>>> which of the demos from
>>> https://github.com/javaee-samples/javaee7-samples/
>>> <https://github.com/javaee-samples/javaee7-samples/blob/master/jaspic/custom-principal/src/main/java/org/javaee7/jaspic/customprincipal/sam/TestServerAuthModule.java#L58> or
>>> elsewhere are good to show something live, too?
>>>
>>
>> This is an actual working application that incorporated the latest API
>> and what was discussed most recently:
>> https://github.com/arjantijms/mechanism-to-store
>>
>> It works directly on GlassFish 4.1.1 and Payara 4.1.1.153+
>>
>> It works on WildFly 9/10 as well, after JASPIC is "activated" there
>> (still a big drawback for demo purposes, but Darran promised to do
>> something here, so let's hope that works out soon).
>>
>> It does not work on WebLogic 12.2.1 for the moment. WebLogic contains a
>> severe bug that makes JASPIC largely unusable.
>>
>> It doesn't work on Liberty 8.5.5.6/9-beta either, since CDI doesn't work
>> there in an auth module. On Liberty too, JASPIC needs a kind of activation
>> that's very unfortunate for demo purposes. Hopefully we can work
>> with Ajay and/or the IBM Liberty team to lift these constraints (already
>> contacted them).
>>
>>
>>
>>
>>> I booked my flight for codemotion Tel Aviv and organizers also confirmed
>>> accommodation, so as long as no great Middle-Eastern War breaks out in the
>>> region, I'm good to go.
>>> I was also smart to neither book cheaper indirect alternate flights via
>>> Turkey, Russia or the Ukraine;-) Going non-stop with El Al seems safest
>>> under the current circumstances.
>>>
>>
>> Stay safe, that's the most important thing!
>>
>> Kind regards,
>> Arjan Tijms
>>
>>
>>>
>>> Thanks and Regards,
>>> Werner
>>>
>>> On Mon, Nov 16, 2015 at 10:54 PM, arjan tijms <arjan.tijms_at_gmail.com>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> On Mon, Nov 16, 2015 at 7:51 PM, Rudy De Busscher <
>>>> rdebusscher_at_gmail.com> wrote:
>>>>
>>>>> @All,
>>>>>
>>>>> Just want to add one additional thing.
>>>>>
>>>>> There was a question about adding 'metadata' of the logged in user
>>>>> (like department, affiliate, ...) so that it can be used to determine if
>>>>> the user/caller is allowed to execute the specified action.
>>>>>
>>>>
>>>> That's a bit in the domain of JSR 351, isn't it?
>>>>
>>>> The default way of sorts to do this now I think is by using a custom
>>>> principal that has properties for this metadata. JASPIC already supports
>>>> setting a custom principal. See
>>>> https://github.com/javaee-samples/javaee7-samples/blob/master/jaspic/custom-principal/src/main/java/org/javaee7/jaspic/customprincipal/sam/TestServerAuthModule.java#L58
>>>>
>>>> A custom principal would play well with EL, as the exact type doesn't
>>>> have to be known there.
>>>>
>>>> E.g.
>>>>
>>>> @EvaluateSecured("callerPrincipal.department == 'finance'")
>>>>
>>>> We do have to discuss I believe how to support a custom principal with
>>>> the identity store interface. Perhaps an extra property on the return value
>>>> of the validate() method that takes precedence if not null?
>>>>
>>>> Kind regards,
>>>> Arjan Tijms
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>>
>>>>> Hope to meet some more experts another time. :)
>>>>>
>>>>> Best regards
>>>>> Rudy
>>>>>
>>>>>
>>>>> On 16 November 2015 at 15:53, Jean-Louis Monteiro <
>>>>> jlmonteiro_at_tomitribe.com> wrote:
>>>>>
>>>>>> Hi everyone,
>>>>>>
>>>>>> Was last week at Devoxx BE. Got to meet Rudy from the expert group
>>>>>> which is nice.
>>>>>> The talk itself went great. Did reuse some of the materials already
>>>>>> done previously.
>>>>>>
>>>>>> Good participation during regular polls when I was talking.
>>>>>> Surprisingly no question during the Q/R which made me feel bad.
>>>>>>
>>>>>> But right after the applause, about 10 people jumped on stage to
>>>>>> discuss and congratulate me which made me feel a bit better.
>>>>>> Wasn't my best talk at all, but looks like at least some people found
>>>>>> it interesting.
>>>>>>
>>>>>> Some feedback
>>>>>>
>>>>>> - rather use user than caller for the consistency question
>>>>>>
>>>>>> - CDI must be in the landscape - @Transactional used as a comparison
>>>>>> of the thing to do. Antoine also opened the doors to collaborate.
>>>>>>
>>>>>> - Events - people overall really liked the event approach to either
>>>>>> collect information about the authN/authZ process, or also to authenticate
>>>>>> as we proposed in the playground.
>>>>>>
>>>>>> - Websocket - please do not forget it. What about HTTP/2 also.
>>>>>>
>>>>>> - Multi-tenancy - targeting the cloud is a great decision but
>>>>>> multi-tenancy must be addressed.
>>>>>>
>>>>>> Hope this helps our discussions.
>>>>>>
>>>>>> --
>>>>>> Jean-Louis Monteiro
>>>>>> http://twitter.com/jlouismonteiro
>>>>>> http://www.tomitribe.com
>>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
>
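The custom-principal approach discussed in the quoted Nov 16 reply (a principal that carries caller metadata such as a department, set from a JASPIC auth module and later consulted by an authorization rule such as the proposed `@EvaluateSecured("callerPrincipal.department == 'finance'")`) can be shown end to end in one ServerAuthModule. The code below is an added example written for this page; it is not from the javaee7-samples or mechanism-to-store repositories, and `DepartmentAwareSam`, `DepartmentPrincipal`, `ValidationResult`, `isInDepartment` and the in-memory account table are all hypothetical names and constructed demo data. It also sketches the suggestion from that reply of an optional custom principal on the identity store's validation result that takes precedence over the plain caller name when it is non-null. `@EvaluateSecured` is a thread proposal, not a shipped annotation, so its check is shown here as plain Java.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.Principal;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.MessageInfo;
import javax.security.auth.message.MessagePolicy;
import javax.security.auth.message.callback.CallerPrincipalCallback;
import javax.security.auth.message.callback.GroupPrincipalCallback;
import javax.security.auth.message.module.ServerAuthModule;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical SAM (added example): checks HTTP BASIC credentials against a constructed
 *  in-memory store and registers a custom principal carrying the caller's department. */
public class DepartmentAwareSam implements ServerAuthModule {

    /** Custom principal with metadata; hypothetical type, not a JSR 375 API. */
    public static final class DepartmentPrincipal implements Principal {
        private final String name, department;
        public DepartmentPrincipal(String name, String department) { this.name = name; this.department = department; }
        @Override public String getName() { return name; }
        /** What an EL expression like "callerPrincipal.department" would resolve to. */
        public String getDepartment() { return department; }
    }

    /** Validation result with an optional custom principal, as suggested in the thread. */
    static final class ValidationResult {
        final String callerName; final String[] groups; final Principal customPrincipal; // may be null
        ValidationResult(String n, String[] g, Principal p) { callerName = n; groups = g; customPrincipal = p; }
    }

    /** Constructed demo accounts: user -> {password, department}. A real store keeps password hashes. */
    private static final Map<String, String[]> ACCOUNTS = new HashMap<>();
    static {
        ACCOUNTS.put("alice", new String[] {"alice-pw", "finance"});
        ACCOUNTS.put("bob",   new String[] {"bob-pw", "engineering"});
    }

    private CallbackHandler handler;

    @Override public void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy,
                                     CallbackHandler handler, Map options) { this.handler = handler; }

    @Override public Class[] getSupportedMessageTypes() {
        return new Class[] {HttpServletRequest.class, HttpServletResponse.class};
    }

    @Override public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject,
                                                Subject serviceSubject) throws AuthException {
        HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
        HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
        ValidationResult result = validate(request.getHeader("Authorization"));
        if (result == null) {                       // no or bad credentials: challenge, do not authenticate
            response.setHeader("WWW-Authenticate", "Basic realm=\"demo\"");
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            return AuthStatus.SEND_FAILURE;
        }
        // The custom principal, when present, takes precedence over the plain caller name.
        Callback callerCallback = result.customPrincipal != null
            ? new CallerPrincipalCallback(clientSubject, result.customPrincipal)
            : new CallerPrincipalCallback(clientSubject, result.callerName);
        try {
            handler.handle(new Callback[] {callerCallback, new GroupPrincipalCallback(clientSubject, result.groups)});
        } catch (IOException | UnsupportedCallbackException e) {
            AuthException ae = new AuthException(e.getMessage());
            ae.initCause(e);
            throw ae;
        }
        return AuthStatus.SUCCESS;
    }

    /** Parses "Basic base64(user:password)"; returns null for anything that does not validate. */
    static ValidationResult validate(String authorization) {
        if (authorization == null || !authorization.regionMatches(true, 0, "Basic ", 0, 6)) return null;
        String decoded;
        try {
            decoded = new String(Base64.getDecoder().decode(authorization.substring(6).trim()), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException malformed) { return null; }
        int colon = decoded.indexOf(':');
        if (colon < 1) return null;
        String user = decoded.substring(0, colon), password = decoded.substring(colon + 1);
        String[] account = ACCOUNTS.get(user);
        // Constant-time comparison so a wrong password leaks nothing through timing.
        if (account == null || !MessageDigest.isEqual(account[0].getBytes(StandardCharsets.UTF_8),
                                                       password.getBytes(StandardCharsets.UTF_8))) return null;
        return new ValidationResult(user, new String[] {"users"}, new DepartmentPrincipal(user, account[1]));
    }

    /** Plain-Java equivalent of the proposed @EvaluateSecured("callerPrincipal.department == 'finance'"). */
    static boolean isInDepartment(Principal callerPrincipal, String department) {
        return callerPrincipal instanceof DepartmentPrincipal
            && department.equals(((DepartmentPrincipal) callerPrincipal).getDepartment());
    }

    @Override public AuthStatus secureResponse(MessageInfo messageInfo, Subject serviceSubject) {
        return AuthStatus.SEND_SUCCESS;
    }
    @Override public void cleanSubject(MessageInfo messageInfo, Subject subject) { subject.getPrincipals().clear(); }
}
```

Once the module is registered with the container, `request.getUserPrincipal()` in a servlet returns the `DepartmentPrincipal` instance, so `isInDepartment(request.getUserPrincipal(), "finance")` is true for `alice` and false for `bob`; an EL-based rule would read the same `department` property without needing to know the concrete type. Whether a container actually surfaces the custom principal object (rather than wrapping it) is exactly the server-specific behaviour the thread's remarks on GlassFish, WildFly, WebLogic and Liberty refer to, so check it on the target server before relying on it.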