Hey Steve, was hoping you were going to chime in.

As a starting point, there’s this:
https://github.com/javaee-security-spec/security-examples/tree/master/simple-jaspic-example
which then should work with Tomcat’s JASPIC:
https://tomcat.apache.org/tomcat-9.0-doc/config/jaspic.html.

Next, we map it back to the Fortress APIs, similar to how the Fortress Tomcat realm works. I like the idea of supporting WildFly and mapping roles to permissions as config options. Perhaps we could make the authN pluggable as well to support your Cosign req's. That way Penn State could elect to use the (new) Fortress JASPIC library but wouldn’t require a donation of their current library.

There's also JSR-375 coming down the pike, which sounds really interesting too and should be considered by us.
https://github.com/javaee/security-soteria

Thanks,
Shawn

> On Aug 18, 2017, at 7:51 AM, Steve Moyer <[email protected]> wrote:
>
> Shawn,
>
> We are currently using a JASPIC solution here at Penn State. Chris (Harm)
> describes it more as a framework and there are certainly peculiarities that
> are specific to our organization (e.g. Using Cosign as the authentication
> server, Wildfly-specific configuration and the mapping of Fortress
> permissions to Java EE roles). We'd be happy to donate this code - at least
> to give the project a boost but we'd have to talk through how this could be
> accomplished generically.
>
> Steve
