Ok then, I created a subtask, https://issues.apache.org/jira/browse/TOMEE-2453, under the main issue, https://issues.apache.org/jira/browse/TOMEE-2365. Can you please assign it to me?

On Fri, Jan 11, 2019 at 12:58 PM Jean-Louis Monteiro <jlmonte...@tomitribe.com> wrote:

> That’d be great.
> I have commit permissions so if you need help or something. Lemme know.
>
>
> On Fri, 11 Jan 2019 at 07:12, Gurkan Erdogdu <cgerdo...@gmail.com> wrote:
>
> > Hello Roberto
> > We probably need to move javax.security.enterprise.* package to geronimo specs project (https://github.com/apache/geronimo-specs) and then adding dependency to our javaee-api. After that we also need to release geronimo-specs. If you want, I can work on to create a new project in geronimo-specs.
> > Regards.
> > Gurkan
> >
> > On Wed, Jan 9, 2019 at 8:32 PM Roberto Cortez <radcor...@yahoo.com.invalid> wrote:
> >
> > > Hi,
> > >
> > > I’ve merged the current state of the code.
> > >
> > > In the meanwhile, I’ll write some documentation to help to understand the implementation.
> > >
> > > Cheers,
> > > Roberto
> > >
> > > > On 8 Jan 2019, at 15:19, Gurkan Erdogdu <cgerdo...@gmail.com> wrote:
> > > >
> > > > Hello Roberto,
> > > > Thank you for initiating this integration.
> > > > Can you prepare a small documentation (and also send to here) which helps contributors to understand the internals about your current commit.
> > > > Regards.
> > > > Gurkan
> > > >
> > > >
> > > > On Tue, Jan 8, 2019 at 6:14 PM Roberto Cortez <radcor...@yahoo.com.invalid> wrote:
> > > >
> > > >> Hi folks,
> > > >>
> > > >> I think I’m now done with the FormAuthentication.
> > > >>
> > > >> There are still things left to implement. At the moment, the code is part of the project but is not part of the binary. I would like to merge the current PR:
> > > >> https://github.com/apache/tomee/pull/277
> > > >>
> > > >> I think this will give a chance for the community to contribute some of the missing pieces. I can make a list in JIRA.
> > > >>
> > > >> So, if there are no strong opinions about merging this, I will be doing this in the end of the day.
> > > >>
> > > >> Cheers,
> > > >> Roberto
> > > >>
> > > >>> On 30 Dec 2018, at 23:42, Roberto Cortez <radcor...@yahoo.com> wrote:
> > > >>>
> > > >>> Thanks! I’ll have a look!
> > > >>>
> > > >>>> On 28 Dec 2018, at 20:34, David Jencks <david.a.jen...@gmail.com> wrote:
> > > >>>>
> > > >>>> Perhaps I didn’t recall correctly, or perhaps I implemented it for Jetty (at eclipse). The code I’ve found at http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat7/src/main/java/org/apache/geronimo/tomcat/security/authentication/ includes a FormAuthenticator and a JaspiAuthenticator. I don’t recall any details of how I modified tomcat’s auth setup: I might have made one that was more adapted to JASPIC and the geronimo security framework than the plain tomcat one. If this code is of any use to you, great, otherwise, good luck!
> > > >>>>
> > > >>>> many thanks
> > > >>>> David Jencks
> > > >>>>
> > > >>>>> On Dec 28, 2018, at 1:47 AM, Roberto Cortez <radcor...@yahoo.com.INVALID> wrote:
> > > >>>>>
> > > >>>>> Hi David,
> > > >>>>>
> > > >>>>> Actually, the EE 8 Security spec tells you to use a JASPIC bridge underneath the implementation, so your code might be a good fit. Can you point me out to the sources so I can have a look?
> > > >>>>>
> > > >>>>> Thank you!
> > > >>>>>
> > > >>>>> Cheers,
> > > >>>>> Roberto
> > > >>>>>
> > > >>>>>> On 28 Dec 2018, at 03:40, David Jencks <david.a.jen...@gmail.com> wrote:
> > > >>>>>>
> > > >>>>>> IIRC I wrote a JASPIC form authentication for the geronimo server long ago. Although the JASPIC deployment model was somewhat incomprehensibly bizarre, the conversation model was very nice. Depending on what the EE 8 api is (I haven’t looked) the JASPIC implementation might be a source for webserver-independent code for form authentication that could be easily adapted.
> > > >>>>>>
> > > >>>>>> David Jencks
> > > >>>>>>
> > > >>>>>>> On Dec 27, 2018, at 3:53 PM, Roberto Cortez <radcor...@yahoo.com.INVALID> wrote:
> > > >>>>>>>
> > > >>>>>>> Update:
> > > >>>>>>>
> > > >>>>>>> I’ve started the implementation of the FormAuthenticationMechanism. It is not as easy as it sounds, since it requires some conversation chat across requests. I thought about wrapping all the logic and use the Tomcat FormAuthenticator, since it does exactly what we need. Unfortunately, it is too tied to the Tomcat code and it would require to instantiate a lot of Tomcat objects to be able to use it. I’m not sure if it would be worth it. I ended up following the spec suggestion to use a CDI interceptor and I’m copying / reusing some pieces of the FormAuthentication when possible.
> > > >>>>>>>
> > > >>>>>>> PR updated:
> > > >>>>>>> https://github.com/apache/tomee/pull/277
> > > >>>>>>>
> > > >>>>>>> Cheers,
> > > >>>>>>> Roberto
> > > >>>>>>>
> > > >>>>>>>> On 26 Dec 2018, at 22:11, Roberto Cortez <radcor...@yahoo.com.INVALID> wrote:
> > > >>>>>>>>
> > > >>>>>>>> Hi folks,
> > > >>>>>>>>
> > > >>>>>>>> I’ve updated the PR with new changes:
> > > >>>>>>>>
> > > >>>>>>>> - I’ve implemented a CDI Extension to create AuthenticationMechanism beans and a CDI class to keep track of the mapping between the authentication mechanism and the servlet that should be checked. When a Servlet is executed the mapping is checked and if there is an associated AuthenticationMechanism, we validate the request with the associated type (Basic, Form, etc).
> > > >>>>>>>>
> > > >>>>>>>> - Implemented the BasicAuthenticationMechanism and all the plumbing required to be executed. This required an HttpMessageContext to pass information around, plus store some state to make decisions on things to do, including the CallbackHandler to pass in additional Callbacks to create the Principal and Groups
> > > >>>>>>>>
> > > >>>>>>>> - A default IdentityStore, using the Tomcat UserDatabase, that reads user data from tomcat-users.xml
> > > >>>>>>>>
> > > >>>>>>>> I’ll probably move to implement the missing AuthenticationMechanisms (FORM and Custom) next.
> > > >>>>>>>>
> > > >>>>>>>> Any feedback, always welcomed :)
> > > >>>>>>>>
> > > >>>>>>>> Cheers,
> > > >>>>>>>> Roberto
> > > >>>>>>>>
> > > >>>>>>>>> On 19 Dec 2018, at 10:00, Bruno Baptista <bruno...@gmail.com> wrote:
> > > >>>>>>>>>
> > > >>>>>>>>> TomEE Security works for me.
> > > >>>>>>>>>
> > > >>>>>>>>> Bruno Baptista
> > > >>>>>>>>> https://twitter.com/brunobat_
> > > >>>>>>>>>
> > > >>>>>>>>>
> > > >>>>>>>>> On 19/12/18 00:20, Roberto Cortez wrote:
> > > >>>>>>>>>> Hi folks,
> > > >>>>>>>>>>
> > > >>>>>>>>>> Work is progressing.
> > > >>>>>>>>>>
> > > >>>>>>>>>> I’ve added a good chunk of the API (as needed) to allow me to proceed. I’ve tried to use the Jakarta Security API jar. Unfortunately, it is full of dependencies to the other Jakarta dependent projects, some not in central yet, so I couldn’t even build the project.
> > > >>>>>>>>>>
> > > >>>>>>>>>> At the moment, I’ve added the structure to register a JASPIC provider to serve as a bridge to the Security implementation code. With a CDI extension, we can register the required AuthenticationMechanisms and then look them up to delegate the authentication code.
> > > >>>>>>>>>>
> > > >>>>>>>>>> I’ve also written a default IdentityStoreHandler to validate user credentials and retrieve user groups. This is just going through the container registered IdentityStores and using the spec rules to identify the credentials.
> > > >>>>>>>>>>
> > > >>>>>>>>>> Right now, I’m just calling this TomEE Security. If someone has a more fancy idea for a name, feel free to suggest it :)
> > > >>>>>>>>>>
> > > >>>>>>>>>> Cheers,
> > > >>>>>>>>>> Roberto
> > > >>>>>>>>>>
> > > >>>>>>>>>>> On 14 Dec 2018, at 23:44, Roberto Cortez <radcor...@yahoo.com.INVALID> wrote:
> > > >>>>>>>>>>>
> > > >>>>>>>>>>> Hi folks,
> > > >>>>>>>>>>>
> > > >>>>>>>>>>> I’ve now created a PR to push the work:
> > > >>>>>>>>>>> https://github.com/apache/tomee/pull/277
> > > >>>>>>>>>>>
> > > >>>>>>>>>>> It is still in the early stages. I’ve just spent a good amount of time trying to understand the spec.
> > > >>>>>>>>>>> The idea here is that with a ServerAuthModule we could verify each of the spec authentication mechanisms that will be implemented with a CDI Bean and use a CDI Extension to create the bean depending on the annotation you use.
> > > >>>>>>>>>>>
> > > >>>>>>>>>>> Cheers,
> > > >>>>>>>>>>> Roberto
> > > >>>>>>>>>>>
> > > >>>>>>>>>>>> On 13 Dec 2018, at 16:06, Roberto Cortez <radcor...@yahoo.com.INVALID> wrote:
> > > >>>>>>>>>>>>
> > > >>>>>>>>>>>> Hi folks,
> > > >>>>>>>>>>>>
> > > >>>>>>>>>>>> I’ve created https://jira.apache.org/jira/browse/TOMEE-2365 to implement the Java EE Security API that came up in EE 8. We are missing this spec implementation, and until we have it we cannot even say we are EE 8 compatible.
> > > >>>>>>>>>>>>
> > > >>>>>>>>>>>> I plan to start working on this. If anyone wants to collaborate with me, let me know.
> > > >>>>>>>>>>>>
> > > >>>>>>>>>>>> Cheers,
> > > >>>>>>>>>>>> Roberto
>
> --
> Jean-Louis Monteiro
> http://twitter.com/jlouismonteiro
> http://www.tomitribe.com