users@javaee-security-spec.java.net

[javaee-security-spec users] [jsr375-experts] Re: Fwd: EG F2F minutes from JavaOne 2016

From: Werner Keil <werner.keil_at_gmail.com>
Date: Wed, 12 Oct 2016 10:48:56 +0200

Hi,

It's a bit more complex for most clients I work with. WildFly won't be
coming that soon, either EAP 6 or 7 for newer apps.

The "Security Context" (many of the constructs defined in-house often more
than a decade ago also have "Context" in their name) is something that
would be quite beneficial.
There are applications and services which may be used in many different
scenarios.
- Intranet (different kinds of users and roles e.g. manager or admin vs.
standard user or in some cases also external partners like sales agents,...)
- Internet (mobile or "home" access; the types of users vary, e.g. from
prospects to existing users/customers, which also have different groups or
needs depending on the type of user)

User management varies, KK captured this rather well in his talk at
JavaOne. We have traditional LDAP or DB store for most of the in-house
users, while internet uses OAuth in most cases.

The applications we deal with here right now don't add users directly, they
only consume them from the various sources. There could be some but most
are dedicated permission and security apps.

At least the current client has a lot of Spring based solutions, so trying
to "standardize" things often means using Spring features instead of
something developed in-house before;-)

Spring Security has a very thin "core" but dozens or more different
packages and modules. Hard to compare.

An integration for the Cloud is offered for a "User as a Service" provider
called UserStore. Not sure if they are a relevant player, but Oracle
should be able to find out, they're based right in its backyard:
https://www.userstore.io/privacy-policy

If a company like that matters, then backing our IdentityStore with such a
service would be a great Cloud-based use case.
Hopefully doable without much OAuth on our side, otherwise it may be
something to keep for later.

Kind Regards,
Werner


On Wed, Oct 12, 2016 at 9:20 AM, arjan tijms <arjan.tijms_at_gmail.com> wrote:

> hi,
>
> On Wed, Oct 12, 2016 at 8:39 AM, Ivar Grimstad <ivar.grimstad_at_gmail.com>
> wrote:
>
>> Most projects I am involved in manage their own users. That means that my
>> application's UserService will need to update/insert to the
>> userPrincipal/UserRole tables that e.g. WildFly is configured with. It will
>> also need to know the password encryption/hashing algorithm that is
>> configured for the domain to be able to support "change
>> password"/"forgotten password" functionality.
>>
>
> Same here, but it then happens the other way around; WildFly is configured
> with an "identity store" that internally uses a UserService that uses said
> userPrincipal/UserRole tables and hashing algorithm. The application can
> access this same UserService directly, and thus everyone is happy.
>
> WildFly can get users (credentials/groups) from the configured identity
> store, and the application can additionally insert/update/delete users.
>
> In that setup there's no configuration that only WildFly and not the app
> knows about.
>
>
>> That kind of destroys portability for these applications (even if that
>> usually is no issue as we tend to stay with the same application server).
>>
>
> Likewise here ;)
>
> Kind regards,
> Arjan Tijms
>
>>
>> Ivar
>>
>>
>>>
>>> 1. There was also a request to start holding regular
>>> meetings -- weekly or bi-weekly, but regular.
>>>
>>>
>>> +1
>>>
>>> Kind regards,
>>> Arjan Tijms
>>>
>
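
The arrangement described in the quoted reply (one UserService owning the user/role data and the hashing scheme, used both by the container's identity store and by the application) can be sketched as follows. This is an added example, not code from the thread or from the JSR 375 API: `UserService`, `ContainerIdentityStore`, the in-memory map standing in for the userPrincipal/UserRole tables, the PBKDF2 parameters and the sample passwords are all assumptions made for illustration.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
public class SharedUserServiceDemo {
    // Hypothetical UserService: the only place that knows the storage layout and hashing scheme.
    static class UserService {
        private static final int ITERATIONS = 210_000, KEY_BITS = 256; // assumed parameters
        private static final class Row { final byte[] salt, hash; final Set<String> roles;
            Row(byte[] s, byte[] h, Set<String> r) { salt = s; hash = h; roles = r; } }
        private final Map<String, Row> table = new ConcurrentHashMap<>(); // stands in for the DB tables
        private final SecureRandom rng = new SecureRandom();
        private static byte[] pbkdf2(char[] pw, byte[] salt) throws Exception {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(new PBEKeySpec(pw, salt, ITERATIONS, KEY_BITS)).getEncoded();
        }
        void save(String user, char[] pw, Set<String> roles) throws Exception {
            byte[] salt = new byte[16];
            rng.nextBytes(salt); // fresh salt on every password write
            table.put(user, new Row(salt, pbkdf2(pw, salt), roles));
        }
        boolean verify(String user, char[] pw) throws Exception {
            Row r = table.get(user);
            return r != null && MessageDigest.isEqual(r.hash, pbkdf2(pw, r.salt)); // constant-time compare
        }
        boolean changePassword(String user, char[] oldPw, char[] newPw) throws Exception {
            if (!verify(user, oldPw)) return false; // old password checked with the same scheme
            save(user, newPw, table.get(user).roles);
            return true;
        }
        Set<String> roles(String user) { Row r = table.get(user); return r == null ? Collections.emptySet() : r.roles; }
    }
    // Hypothetical adapter for the container side: it delegates and holds no configuration of its own.
    static class ContainerIdentityStore {
        private final UserService users;
        ContainerIdentityStore(UserService users) { this.users = users; }
        Optional<Set<String>> validate(String caller, char[] pw) throws Exception {
            return users.verify(caller, pw) ? Optional.of(users.roles(caller)) : Optional.empty();
        }
    }
    public static void main(String[] args) throws Exception {
        UserService svc = new UserService();
        svc.save("alice", "constructed-pw-1".toCharArray(), Collections.singleton("user")); // constructed sample data
        svc.changePassword("alice", "constructed-pw-1".toCharArray(), "constructed-pw-2".toCharArray());
        ContainerIdentityStore store = new ContainerIdentityStore(svc);
        System.out.println(store.validate("alice", "constructed-pw-1".toCharArray()).isPresent()
            + " " + store.validate("alice", "constructed-pw-2".toCharArray()).isPresent());
    }
}
```

Because the adapter only delegates, a password changed through the application is immediately what the container validates against, and the hashing parameters live in one class instead of in both the server configuration and the application.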