users@javaee-security-spec.java.net

[javaee-security-spec users] [jsr375-experts] Remember me

From: arjan tijms <arjan.tijms_at_gmail.com>
Date: Sun, 10 Jan 2016 22:00:33 +0100

Hi,

One of the extra features that I was looking at for the initial EDR is a
"remember me" facility.

"Remember me" means that a caller initially authenticates with normal
credentials, after which the container stores the authenticated identity
(name + roles) somewhere and sends back a cookie with a token.

This facility is not entirely trivial and goes a little beyond the low
hanging fruit that Alex asked for. Still I'd like to give it a shot, but
obviously this doesn't have the highest priority and I would be okay with
moving this to a later EDR.

The design I was now thinking about involves the following:

* Interceptor for the validateRequest and clearSubject methods
* A special type of IdentityStore that has additional generateToken(String
caller, List<String> groups) and removeToken(String token) methods
* Some helper code for setting/clearing cookies

It would be essentially like the AutoApplySession interceptor, but using a
user provided storage instead of the HTTP session. See
https://github.com/arjantijms/mechanism-to-store-x/blob/master/jsr375/src/main/java/org/glassfish/jsr375/cdi/AutoApplySessionInterceptor.java

Thoughts?

Kind regards,
Arjan Tijms
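An added example, not part of the mail above and not code from the JSR 375 prototype it links to: a plain-Java model of the proposed design, so the flow can be read end to end without CDI or the Servlet API. The class and method names (RememberMeIdentityStore, generateToken, removeToken, validateRequest, clearSubject), the cookie name JREMEMBERMEID and the in-memory map are assumptions for illustration. It shows the points a practitioner would want the real facility to get right: the token is random (256 bits), only its hash is kept server side so a leaked store yields nothing usable, it expires, the cookie is HttpOnly/Secure/SameSite, and logout (clearSubject) removes the token and clears the cookie.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

/** Illustrative model of the "remember me" proposal; all names are assumptions. */
public class RememberMeExample {

    /** What the container stores after a successful normal login: name + groups, with an expiry. */
    record StoredIdentity(String caller, List<String> groups, Instant expiresAt) {}

    /** Assumed shape of the special IdentityStore with generateToken/removeToken. */
    static class RememberMeIdentityStore {
        private final SecureRandom random = new SecureRandom();
        // Keyed by SHA-256(token): the raw token never touches the store.
        private final Map<String, StoredIdentity> byTokenHash = new ConcurrentHashMap<>();
        private final Duration lifetime;

        RememberMeIdentityStore(Duration lifetime) { this.lifetime = lifetime; }

        String generateToken(String caller, List<String> groups) {
            byte[] raw = new byte[32];                       // 256 bits of entropy
            random.nextBytes(raw);
            String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
            byTokenHash.put(hash(token),
                new StoredIdentity(caller, List.copyOf(groups), Instant.now().plus(lifetime)));
            return token;                                    // goes to the client only
        }

        Optional<StoredIdentity> lookup(String token) {
            String key = hash(token);
            StoredIdentity id = byTokenHash.get(key);
            if (id == null) return Optional.empty();
            if (Instant.now().isAfter(id.expiresAt())) {     // expired: purge and treat as absent
                byTokenHash.remove(key);
                return Optional.empty();
            }
            return Optional.of(id);
        }

        void removeToken(String token) { byTokenHash.remove(hash(token)); }

        private static String hash(String token) {
            try {
                byte[] d = MessageDigest.getInstance("SHA-256")
                                        .digest(token.getBytes(StandardCharsets.UTF_8));
                return Base64.getEncoder().encodeToString(d);
            } catch (NoSuchAlgorithmException e) { throw new IllegalStateException(e); }
        }
    }

    static final String COOKIE = "JREMEMBERMEID";            // assumed cookie name

    /** Helper: Set-Cookie value for issuing the token. HttpOnly keeps it from scripts, Secure from plaintext. */
    static String issueCookie(String token, Duration maxAge) {
        return COOKIE + "=" + token + "; Path=/; Max-Age=" + maxAge.toSeconds()
             + "; HttpOnly; Secure; SameSite=Lax";
    }

    /** Helper: Set-Cookie value that clears the token on the client. */
    static String clearCookie() {
        return COOKIE + "=; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax";
    }

    /** Interceptor analogue for validateRequest: restore identity from the cookie if the token is known. */
    static Optional<StoredIdentity> validateRequest(RememberMeIdentityStore store, Map<String, String> cookies) {
        String token = cookies.get(COOKIE);
        return token == null ? Optional.empty() : store.lookup(token);
    }

    /** Interceptor analogue for clearSubject: forget the token server side and tell the client to drop it. */
    static String clearSubject(RememberMeIdentityStore store, Map<String, String> cookies) {
        String token = cookies.get(COOKIE);
        if (token != null) store.removeToken(token);
        return clearCookie();
    }

    public static void main(String[] args) {
        RememberMeIdentityStore store = new RememberMeIdentityStore(Duration.ofDays(14));

        // 1. Normal authentication succeeded (constructed identity), so issue a token + cookie.
        String token = store.generateToken("alice", List.of("user", "admin"));
        System.out.println("Set-Cookie: " + issueCookie(token, Duration.ofDays(14)));

        // 2. A later request carries only the cookie; identity is restored without credentials.
        Map<String, String> later = new HashMap<>();
        later.put(COOKIE, token);
        System.out.println("restored: " + validateRequest(store, later));

        // 3. Logout: token is removed, the same cookie is now worthless, client is told to clear it.
        System.out.println("Set-Cookie: " + clearSubject(store, later));
        System.out.println("after logout: " + validateRequest(store, later));
    }
}
```

In a real implementation the store behind generateToken/removeToken would be the user-provided storage the mail refers to (database, cache), and the interceptor would read the cookie from HttpServletRequest and write Set-Cookie on the response; the checks above (random token, hashed at rest, bounded lifetime, HttpOnly/Secure cookie, removal on clearSubject) are what to keep regardless of where the identity is persisted.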