users@javaee-security-spec.java.net

[javaee-security-spec users] [jsr375-experts] Re: Devoxx BE feedback

From: Werner Keil <werner.keil_at_gmail.com>
Date: Tue, 24 Nov 2015 14:14:52 +0100

Hi,

Still might have to look at the Devoxx video, but just a quick question:
which of the demos from https://github.com/javaee-samples/javaee7-samples/
<https://github.com/javaee-samples/javaee7-samples/blob/master/jaspic/custom-principal/src/main/java/org/javaee7/jaspic/customprincipal/sam/TestServerAuthModule.java#L58>
or elsewhere are good to show something live, too?
I booked my flight for Codemotion Tel Aviv and the organizers also confirmed
accommodation, so as long as no great Middle-Eastern War breaks out in the
region, I'm good to go.
I was also smart to neither book cheaper indirect alternate flights via
Turkey, Russia or the Ukraine ;-) Going non-stop with El Al seems safest
under the current circumstances.

Thanks and Regards,
Werner

On Mon, Nov 16, 2015 at 10:54 PM, arjan tijms <arjan.tijms_at_gmail.com> wrote:

> Hi,
>
> On Mon, Nov 16, 2015 at 7:51 PM, Rudy De Busscher <rdebusscher_at_gmail.com>
> wrote:
>
>> @All,
>>
>> Just want to add one additional thing.
>>
>> There was a question about adding 'metadata' of the logged-in user (like
>> department, affiliate, ...) so that it can be used to determine if the
>> user/caller is allowed to execute the specified action.
>>
>
> That's a bit in the domain of JSR 351, isn't it?
>
> The default way of sorts to do this now I think is by using a custom
> principal that has properties for this metadata. JASPIC already supports
> setting a custom principal. See
> https://github.com/javaee-samples/javaee7-samples/blob/master/jaspic/custom-principal/src/main/java/org/javaee7/jaspic/customprincipal/sam/TestServerAuthModule.java#L58
>
> A custom principal would play well with EL, as the exact type doesn't have
> to be known there.
>
> E.g.
>
> @EvaluateSecured("callerPrincipal.department == 'finance'")
>
> We do have to discuss I believe how to support a custom principal with the
> identity store interface. Perhaps an extra property on the return value of
> the validate() method that takes precedence if not null?
>
> Kind regards,
> Arjan Tijms
>
>
>
>
>
>>
>> Hope to meet some more experts another time. :)
>>
>> Best regards
>> Rudy
>>
>>
>> On 16 November 2015 at 15:53, Jean-Louis Monteiro <
>> jlmonteiro_at_tomitribe.com> wrote:
>>
>>> Hi everyone,
>>>
>>> Was last week at Devoxx BE. Got to meet Rudy from the expert group which
>>> is nice.
>>> The talk itself went great. Did reuse some of the materials already done
>>> previously.
>>>
>>> Good participation during regular polls when I was talking.
>>> Surprisingly no question during the Q/R which made me feel bad.
>>>
>>> But right after the applause, about 10 people jumped on stage to discuss
>>> and congratulate me which made me feel a bit better.
>>> Wasn't my best talk at all, but looks like at least some people found it
>>> interesting.
>>>
>>> Some feedback
>>>
>>> - rather use user than caller for the consistency question
>>>
>>> - CDI must be in the landscape - @Transactional used as a comparison of
>>> the thing to do. Antoine also opened the doors to collaborate.
>>>
>>> - Events - people overall really liked the event approach to either
>>> collect information about the authN/authZ process, or also to authenticate
>>> as we proposed in the playground.
>>>
>>> - Websocket - please do not forget it. What about HTTP/2 also.
>>>
>>> - Multi-tenancy - targeting the cloud is a great decision but
>>> multi-tenancy must be addressed.
>>>
>>> Hope this helps our discussions.
>>>
>>> --
>>> Jean-Louis Monteiro
>>> http://twitter.com/jlouismonteiro
>>> http://www.tomitribe.com
>>>
>>
>>
>
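As an added illustration of the custom-principal approach Arjan describes above (this is not code from the javaee7-samples project or from anyone on this thread): a hypothetical DepartmentPrincipal exposes the caller's metadata as a bean property, a SAM hands it to the container through the JASPIC CallerPrincipalCallback, and an EL 3.0 ELProcessor evaluates a rule in the form of the @EvaluateSecured example. The names DepartmentPrincipal, registerCaller and isAllowed are assumptions, as is treating an unauthenticated caller or a non-boolean result as a denial.

```java
import java.security.Principal;
import javax.el.ELProcessor;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.message.callback.CallerPrincipalCallback;

/** Hypothetical custom principal carrying caller metadata (not from the samples). */
public final class DepartmentPrincipal implements Principal {
    private final String name;
    private final String department;

    public DepartmentPrincipal(String name, String department) {
        this.name = name;
        this.department = department;
    }

    @Override public String getName() { return name; }

    /** JavaBean getter, so EL can resolve callerPrincipal.department without knowing the type. */
    public String getDepartment() { return department; }

    /**
     * What a SAM's validateRequest does once the caller is authenticated:
     * pass the custom principal to the container via CallerPrincipalCallback,
     * so the container exposes it as the caller principal (assumed helper name).
     */
    static void registerCaller(CallbackHandler handler, Subject clientSubject,
                               DepartmentPrincipal caller) throws Exception {
        handler.handle(new Callback[] { new CallerPrincipalCallback(clientSubject, caller) });
    }

    /**
     * The check behind an annotation such as @EvaluateSecured("..."):
     * bind the caller principal as "callerPrincipal" and evaluate the rule.
     * A missing principal or a non-boolean result is treated as a denial.
     */
    static boolean isAllowed(String expression, Principal callerPrincipal) {
        if (callerPrincipal == null) return false; // unauthenticated caller: deny
        ELProcessor el = new ELProcessor();
        el.defineBean("callerPrincipal", callerPrincipal);
        return Boolean.TRUE.equals(el.eval(expression));
    }

    public static void main(String[] args) {
        // Constructed sample principals; only the finance caller passes the rule.
        Principal alice = new DepartmentPrincipal("alice", "finance");
        Principal bob = new DepartmentPrincipal("bob", "sales");
        String rule = "callerPrincipal.department == 'finance'";
        System.out.println("alice allowed: " + isAllowed(rule, alice));
        System.out.println("bob allowed: " + isAllowed(rule, bob));
    }
}
```

Running this outside a container needs an EL 3.0 implementation on the classpath (for example the one bundled with GlassFish or Tomcat) alongside the javax.security.auth.message API.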