users@javaee-security-spec.java.net

[javaee-security-spec users] [jsr375-experts] Re: Events for login/logout

From: Rudy De Busscher <rdebusscher_at_gmail.com>
Date: Fri, 31 Mar 2017 16:59:16 +0200

Hi Arjan,

That would indeed a good addition for this release (EE8), as it is linked
to the 'authentication' theme we have.

The question is, what do we put as payload within the event? I should say
the principal,
*javax.security.CallerPrincipal*
which we have created for the spec.

And next to login and logout events, I should also add a* failed login*
event.

This allows the developers to 'block' a user when there are x failed
attempts.

Regards
Rudy


On 31 March 2017 at 14:35, arjan tijms <arjan.tijms_at_gmail.com> wrote:

> Hi,
>
> One of the things that were discussed early on, but till so far hasn't
> seen much followup is throwing (CDI) events when the caller is
> authenticated (logs in) and logs out.
>
> See this issue: https://java.net/jira/browse/JASPIC_SPEC-21
>
> I also wrote an article about this a couple of years ago:
>
> http://arjan-tijms.omnifaces.org/2012/12/bridging-
> undertows-authentication.html
>
> An example of how these events can be used in practice is shown here:
>
> https://github.com/javaeekickoff/java-ee-kickoff-
> app/blob/master/src/main/java/org/example/kickoff/model/
> producer/ActiveUserProducer.java
>
> The simple post authenticate events (being informational only) are
> relatively well understood and something like this is quite often asked for
> and/or needed by users.
>
> I think it would be good to include this in JSR 375.
>
> Thoughts?
>
> Kind regards,
> Arjan Tijms
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Java EE Security API - JSR 375 - Experts" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jsr375-experts+unsubscribe_at_googlegroups.com.
> To post to this group, send email to jsr375-experts_at_googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/jsr375-experts/CAE%3D-AhCLNv6U297cETZTGK%
> 2B5V4MWi5LxoMyd0kF3oRF2am2RMQ%40mail.gmail.com
> <https://groups.google.com/d/msgid/jsr375-experts/CAE%3D-AhCLNv6U297cETZTGK%2B5V4MWi5LxoMyd0kF3oRF2am2RMQ%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.