check this out http://www.pac4j.org/
On Mon, Dec 12, 2016 at 6:12 PM, Rob <[email protected]> wrote:

> I am taking a fresh look at how to best handle authorization and
> authentication in Dropwizard today. I think it would be a very helpful
> conversation for all of us if we could share what we're using for authn and
> authz, and what we feel would be the simplest/best/etc approach today.
>
> Here's my personal take on what the requirements are for a modern authn and
> authz solution:
>
> 1) As few external dependencies as possible - e.g. no dependency on an
> external service, such as KeyCloak, Auth0, etc. Should be able to use the
> app's database as the identity provider for users and role/permissions.
>
> 2) Simplicity - many security libraries try to handle every protocol or
> standard, and end up being hard to configure and troubleshoot.
>
> 3) Works cleanly with both indirect clients (views; web form-based login)
> and direct clients (APIs). Example use case: a view rendered server-side
> has some JS that fetches data from a resource.
>
> 4) Simple role and/or permission based access control.
>
> 5) User can optionally authenticate via Facebook, Google, etc.
>
> 6) If an account needs to be de-activated, user can be logged out across
> all devices/sessions within minutes.
>
> 7) The project is actively maintained and updated.
>
> Bonus: in theory stateless sessions would be a nice option to have -
> although there are probably too many drawbacks to make the complexity worth
> it (e.g. JWT with short-lived access tokens and long-lived refresh tokens).
>
> I don't think there's any Java solution out there that meets the
> requirements above, but I'd love to hear if anyone has gotten close.
>
> --
> You received this message because you are subscribed to the Google Groups
> "dropwizard-user" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
