users@javaee-security-spec.java.net

[javaee-security-spec users] [jsr375-experts] Re: Remember me

From: Werner Keil <werner.keil_at_gmail.com>
Date: Mon, 11 Jan 2016 07:18:24 +0100

Arjan,

Thanks for the initiative.
Would you create a new Story for that in Jira?

Cheers,
Werner
On 10.01.2016 22:00, "arjan tijms" <arjan.tijms_at_gmail.com> wrote:

> Hi,
>
> One of the extra features that I was looking at for the initial EDR is a
> "remember me" facility.
>
> "Remember me" means that a caller initially authenticates with normal
> credentials, after which the container stores the authenticated identity
> (name + roles) somewhere and sends back a cookie with a token.
>
> This facility is not entirely trivial and goes a little beyond the low
> hanging fruit that Alex asked for. Still I'd like to give it a shot, but
> obviously this hasn't the highest priority and I would be okay with moving
> this to a later EDR.
>
> The design I was now thinking about involves the following:
>
> * Interceptor for the validateRequest and clearSubject methods
> * A special type of IdentityStore that has additional generateToken(String
> caller, List<String> groups) and removeToken(String token) methods
> * Some helper code for setting/clearing cookies
>
> It would be essentially like the AutoApplySession interceptor, but using a
> user provided storage instead of the HTTP session. See
> https://github.com/arjantijms/mechanism-to-store-x/blob/master/jsr375/src/main/java/org/glassfish/jsr375/cdi/AutoApplySessionInterceptor.java
>
> Thoughts?
>
> Kind regards,
> Arjan Tijms
>
>
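
The storage side of the design in the quoted proposal, as an added sketch that is not part of the thread and not the JSR 375 API: an in-memory store with the generateToken and removeToken methods the mail names. The class name, the validate lookup, the expiry and the hashing of the token before it is stored are assumptions made for this illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

// Added sketch: only generateToken/removeToken are named in the mail; the rest is assumed.
public class RememberMeStoreExample {
    static final class Remembered {
        final String caller; final List<String> groups; final long expiresAt;
        Remembered(String c, List<String> g, long e) { caller = c; groups = g; expiresAt = e; }
    }
    private final Map<String, Remembered> byTokenHash = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();
    private final long ttlMillis;
    RememberMeStoreExample(long ttlMillis) { this.ttlMillis = ttlMillis; }

    // After a normal login: returns the opaque value to send back in the cookie.
    public String generateToken(String caller, List<String> groups) {
        byte[] raw = new byte[32]; // 256 random bits
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        // Keep only a hash server-side, so a leaked store does not yield usable cookies.
        byTokenHash.put(hash(token), new Remembered(caller,
            Collections.unmodifiableList(new ArrayList<>(groups)), System.currentTimeMillis() + ttlMillis));
        return token;
    }
    // Logout (the clearSubject side): the cookie value stops working immediately.
    public void removeToken(String token) { byTokenHash.remove(hash(token)); }

    // Assumed lookup for the validateRequest side; expired entries are dropped.
    public Optional<Remembered> validate(String token) {
        String key = hash(token);
        Remembered r = byTokenHash.get(key);
        if (r != null && r.expiresAt < System.currentTimeMillis()) { byTokenHash.remove(key); r = null; }
        return Optional.ofNullable(r);
    }
    private static String hash(String token) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256").digest(token.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(d);
        } catch (NoSuchAlgorithmException e) { throw new IllegalStateException(e); }
    }
    public static void main(String[] args) {
        RememberMeStoreExample store = new RememberMeStoreExample(14L * 24 * 3600 * 1000);
        String cookie = store.generateToken("alice", Arrays.asList("user", "admin")); // constructed sample
        System.out.println(store.validate(cookie).map(r -> r.caller + " " + r.groups));
        store.removeToken(cookie);
        System.out.println(store.validate(cookie).isPresent());
    }
}
```

The cookie helper code that carries the returned value would normally set it with the HttpOnly and Secure attributes.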