users@javaee-security-spec.java.net

[javaee-security-spec users] [jsr375-experts] Re: Remember me

From: arjan tijms <arjan.tijms_at_gmail.com>
Date: Tue, 12 Jan 2016 01:19:50 +0100

Hi,

I created a new issue here and linked it to the authentication mechanism
story. If you or anyone else think it's better to have this be its own top-level
story I can change that of course.

I hope to succeed in prototyping an initial version soon.

Kind regards,
Arjan Tijms



On Mon, Jan 11, 2016 at 7:18 AM, Werner Keil <werner.keil_at_gmail.com> wrote:

> Arjan,
>
> Thanks for the Initiative.
> Would you create a new Story for that in Jira?
>
> Cheers,
> Werner
> Am 10.01.2016 22:00 schrieb "arjan tijms" <arjan.tijms_at_gmail.com>:
>
>> Hi,
>>
>> One of the extra features that I was looking at for the initial EDR is a
>> "remember me" facility.
>>
>> "Remember me" means that a caller initially authenticates with normal
>> credentials, after which the container stores the authenticated identity
>> (name + roles) somewhere and sends back a cookie with a token.
>>
>> This facility is not entirely trivial and goes a little beyond the low
>> hanging fruit that Alex asked for. Still I'd like to give it a shot, but
>> obviously this hasn't the highest priority and I would be okay with moving
>> this to a later EDR.
>>
>> The design I was now thinking about involves the following:
>>
>> * Interceptor for the validateRequest and clearSubject methods
>> * A special type of IdentityStore that has additional
>> generateToken(String caller, List<String> groups) method and
>> removeToken(String token) methods
>> * Some helper code for setting/clearing cookies
>>
>> It would be essentially like the AutoApplySession interceptor, but using
>> a user provided storage instead of the HTTP session. See
>> https://github.com/arjantijms/mechanism-to-store-x/blob/master/jsr375/src/main/java/org/glassfish/jsr375/cdi/AutoApplySessionInterceptor.java
>>
>> Thoughts?
>>
>> Kind regards,
>> Arjan Tijms
>>
>>
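An added sketch of the token-store half of the design quoted above, written for this thread and not Arjan's prototype: the generateToken(String caller, List<String> groups) and removeToken(String token) names come from the proposal, while RememberMeTokenStore, Identity, validateToken, the hashed in-memory map and the expiry are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical remember-me token store; only generateToken/removeToken are named in the proposal. */
public class RememberMeTokenStore {
    /** Authenticated identity (name + groups) that the container restores on a valid token. */
    public static final class Identity {
        public final String caller; public final List<String> groups; final long expiresAt;
        Identity(String caller, List<String> groups, long expiresAt) {
            this.caller = caller; this.groups = List.copyOf(groups); this.expiresAt = expiresAt;
        }
    }
    private static final SecureRandom RANDOM = new SecureRandom();
    // Keyed by SHA-256 of the token, so a copied store does not yield usable cookie values.
    private final Map<String, Identity> byTokenHash = new ConcurrentHashMap<>();
    private final long lifetimeMillis;

    public RememberMeTokenStore(long lifetimeMillis) { this.lifetimeMillis = lifetimeMillis; }

    /** generateToken(String caller, List<String> groups) as named in the proposal. */
    public String generateToken(String caller, List<String> groups) {
        byte[] raw = new byte[32];                                  // 256 bits of entropy
        RANDOM.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        long expires = System.currentTimeMillis() + lifetimeMillis;
        byTokenHash.put(hash(token), new Identity(caller, groups, expires));
        return token;                                               // becomes the cookie value
    }

    /** Resolves a presented cookie token; an expired entry is purged and yields null. */
    public Identity validateToken(String token) {
        String key = hash(token);
        Identity id = byTokenHash.get(key);
        if (id == null) return null;
        if (id.expiresAt < System.currentTimeMillis()) { byTokenHash.remove(key); return null; }
        return id;
    }

    /** removeToken(String token) as named in the proposal; call it from clearSubject (logout). */
    public boolean removeToken(String token) { return byTokenHash.remove(hash(token)) != null; }

    private static String hash(String token) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256").digest(token.getBytes(StandardCharsets.UTF_8));
            return Base64.getUrlEncoder().withoutPadding().encodeToString(d);
        } catch (NoSuchAlgorithmException e) { throw new IllegalStateException(e); }
    }
}
```

The cookie helper from the design would carry the returned value with HttpOnly and Secure set, and the clearSubject interceptor would call removeToken so that logout invalidates the cookie on the server side rather than only in the browser.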