Perhaps I didn’t recall correctly, or perhaps I implemented it for Jetty (at 
eclipse).  The code I’ve found at 
http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/authentication/
 includes a FormAuthenticator and a JaspiAuthenticator.  I don’t recall any 
details of how I modified tomcat’s auth setup: I might have made one that was 
more adapted to JASPIC and the geronimo security framework than the plain 
tomcat one.  If this code is of any use to you, great, otherwise, good luck!

many thanks
David Jencks

> On Dec 28, 2018, at 1:47 AM, Roberto Cortez <radcor...@yahoo.com.INVALID> 
> wrote:
> 
> Hi David,
> 
> Actually, the EE 8 Security spec tells you to use a JASPIC bridge underneath 
> the implementation, so your code might be a good fit. Can you point me to 
> the sources so I can have a look?
> 
> Thank you!
> 
> Cheers,
> Roberto
> 
>> On 28 Dec 2018, at 03:40, David Jencks <david.a.jen...@gmail.com> wrote:
>> 
>> IIRC I wrote a JASPIC form authentication for the geronimo server long ago. 
>> Although the JASPIC deployment model was somewhat incomprehensibly bizarre, 
>> the conversation model was very nice. Depending on what the EE 8 api is (I 
>> haven’t looked) the JASPIC implementation might be a source for 
>> webserver-independent code for form authentication that could be easily 
>> adapted.
>> 
>> David Jencks
>> 
>>> On Dec 27, 2018, at 3:53 PM, Roberto Cortez <radcor...@yahoo.com.INVALID> 
>>> wrote:
>>> 
>>> Update:
>>> 
>>> I’ve started the implementation of the FormAuthenticationMechanism. It is 
>>> not as easy as it sounds, since it requires some conversation chat across 
>>> requests. I thought about wrapping all the logic and using the Tomcat 
>>> FormAuthenticator, since it does exactly what we need. Unfortunately, it is 
>>> too tied to the Tomcat code and it would require instantiating a lot of 
>>> Tomcat objects to be able to use it. I’m not sure if it would be worth it. 
>>> I ended up following the spec suggestion to use a CDI interceptor and I’m 
>>> copying / reusing some pieces of the FormAuthentication when possible.
>>> 
>>> PR updated:
>>> https://github.com/apache/tomee/pull/277
>>> 
>>> Cheers,
>>> Roberto
>>> 
>>>> On 26 Dec 2018, at 22:11, Roberto Cortez <radcor...@yahoo.com.INVALID> 
>>>> wrote:
>>>> 
>>>> Hi folks,
>>>> 
>>>> I’ve updated the PR with new changes:
>>>> 
>>>> - I’ve implemented a CDI Extension to create AuthenticationMechanism beans 
>>>> and a CDI class to keep track of the mapping between the authentication 
>>>> mechanism and the servlet that should be checked. When a Servlet is 
>>>> executed the mapping is checked and if there is an associated 
>>>> AuthenticationMechanism, we validate the request with the associated type 
>>>> (Basic, Form, etc).
>>>> 
>>>> - Implemented the BasicAuthenticationMechanism and all the plumbing 
>>>> required to be executed. This required an HttpMessageContext to pass 
>>>> information around, plus store some state to make decisions on things to 
>>>> do, including the CallbackHandler to pass in additional Callbacks to 
>>>> create the Principal and Groups
>>>> 
>>>> - A default IdentityStore, using the Tomcat UserDatabase, that reads user 
>>>> data from tomcat-users.xml
>>>> 
>>>> I’ll probably move to implement the missing AuthenticationMechanisms (FORM 
>>>> and Custom) next.
>>>> 
>>>> Any feedback, always welcomed :)
>>>> 
>>>> Cheers,
>>>> Roberto
>>>> 
>>>>> On 19 Dec 2018, at 10:00, Bruno Baptista <bruno...@gmail.com> wrote:
>>>>> 
>>>>> TomEE Security works for me.
>>>>> 
>>>>> Bruno Baptista
>>>>> https://twitter.com/brunobat_
>>>>> 
>>>>> 
>>>>> On 19/12/18 00:20, Roberto Cortez wrote:
>>>>>> Hi folks,
>>>>>> 
>>>>>> Work is progressing.
>>>>>> 
>>>>>> I’ve added a good chunk of the API (as needed) to allow me to proceed. 
>>>>>> I’ve tried to use the Jakarta Security API jar. Unfortunately, it is 
>>>>>> full of dependencies to the other Jakarta dependent projects, some not 
>>>>>> in central yet, so I couldn’t even build the project.
>>>>>> 
>>>>>> At the moment, I’ve added the structure to register a JASPIC provider to 
>>>>>> serve as a bridge to the Security implementation code. With a CDI 
>>>>>> extension, we can register the required AuthenticationMechanisms and 
>>>>>> then look them up to delegate the authentication code.
>>>>>> 
>>>>>> I’ve also written a default IdentityStoreHandler to validate user 
>>>>>> credentials and retrieve user groups. This is just going through the 
>>>>>> container registered IdentityStores and using the spec rules to identify 
>>>>>> the credentials.
>>>>>> 
>>>>>> Right now, I’m just calling this TomEE Security. If someone has a more 
>>>>>> fancy idea for a name, feel free to suggest it :)
>>>>>> 
>>>>>> Cheers,
>>>>>> Roberto
>>>>>> 
>>>>>>> On 14 Dec 2018, at 23:44, Roberto Cortez <radcor...@yahoo.com.INVALID> 
>>>>>>> wrote:
>>>>>>> 
>>>>>>> Hi folks,
>>>>>>> 
>>>>>>> I’ve now created a PR to push the work:
>>>>>>> https://github.com/apache/tomee/pull/277
>>>>>>> 
>>>>>>> It is still in the early stages. I’ve just spent a good amount of time 
>>>>>>> trying to understand the spec. The idea here is that with a 
>>>>>>> ServerAuthModule we could verify each of the spec authentication 
>>>>>>> mechanisms that will be implemented with a CDI Bean and use a CDI 
>>>>>>> Extension to create the bean depending on the annotation you use.
>>>>>>> 
>>>>>>> Cheers,
>>>>>>> Roberto
>>>>>>> 
>>>>>>>> On 13 Dec 2018, at 16:06, Roberto Cortez <radcor...@yahoo.com.INVALID> 
>>>>>>>> wrote:
>>>>>>>> 
>>>>>>>> Hi folks,
>>>>>>>> 
>>>>>>>> I’ve created https://jira.apache.org/jira/browse/TOMEE-2365 to implement the Java 
>>>>>>>> EE Security API that came up in EE 8. We are missing this spec 
>>>>>>>> implementation, and until we have it we cannot even say we are EE 8 
>>>>>>>> compatible.
>>>>>>>> 
>>>>>>>> I plan to start working on this. If anyone wants to collaborate with 
>>>>>>>> me, let me know.
>>>>>>>> 
>>>>>>>> Cheers,
>>>>>>>> Roberto
>>>> 
>>> 
>> 
> 
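
Added example, not code from the TomEE PR or from anyone in this thread: a sketch of the default IdentityStoreHandler behaviour mentioned in the 19 Dec message (walk the registered IdentityStores and apply the spec's ordering rules), written against the javax.security.enterprise API of Java EE Security 1.0. The class name is hypothetical, and the stores are handed to the constructor as an assumption instead of being discovered through CDI.

```java
import java.util.*;
import javax.security.enterprise.credential.Credential;
import javax.security.enterprise.identitystore.*;
import static javax.security.enterprise.identitystore.CredentialValidationResult.*;
import static javax.security.enterprise.identitystore.CredentialValidationResult.Status.*;
import static javax.security.enterprise.identitystore.IdentityStore.ValidationType.*;

// Hypothetical handler for illustration; a container would collect the stores via CDI.
public class PriorityOrderedIdentityStoreHandler implements IdentityStoreHandler {
    private final List<IdentityStore> validating = new ArrayList<>();
    private final List<IdentityStore> groupsOnly = new ArrayList<>();

    public PriorityOrderedIdentityStoreHandler(Collection<IdentityStore> stores) {
        List<IdentityStore> sorted = new ArrayList<>(stores);
        sorted.sort(Comparator.comparingInt(IdentityStore::priority)); // lower value is consulted first
        for (IdentityStore s : sorted) {
            if (s.validationTypes().contains(VALIDATE)) validating.add(s);
            else if (s.validationTypes().contains(PROVIDE_GROUPS)) groupsOnly.add(s);
        }
    }

    @Override
    public CredentialValidationResult validate(Credential credential) {
        CredentialValidationResult result = null;
        IdentityStore winner = null;
        boolean sawInvalid = false;
        for (IdentityStore store : validating) {
            CredentialValidationResult r = store.validate(credential);
            if (r.getStatus() == VALID) { result = r; winner = store; break; }
            if (r.getStatus() == INVALID) sawInvalid = true; // remembered, but later stores still run
        }
        if (winner == null) {
            // An explicit rejection outranks "no store handled this credential type".
            return sawInvalid ? INVALID_RESULT : NOT_VALIDATED_RESULT;
        }
        Set<String> groups = new HashSet<>();
        // Groups from the validating store count only if it also declares PROVIDE_GROUPS.
        if (winner.validationTypes().contains(PROVIDE_GROUPS)) groups.addAll(result.getCallerGroups());
        // Stores that only provide groups are asked about the already validated caller.
        for (IdentityStore store : groupsOnly) groups.addAll(store.getCallerGroups(result));
        return new CredentialValidationResult(result.getIdentityStoreId(),
                result.getCallerPrincipal(), result.getCallerDn(), result.getCallerUniqueId(), groups);
    }
}
```

An INVALID result from one store does not end the search: a later store can still return VALID for the same credential, so the set of registered stores and their priorities is part of the deployment's authentication policy.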
