Right now, once the HTTP session is authenticated, the token is not used 
to check timeouts.  It relies on the application's HTTP Session settings 
to handle timeout.  Not sure if that is the right approach or not.

BTW, check out keycloak.org.  We've taken this stuff to the next level.

On 1/26/2014 3:24 PM, james truty wrote:
> Hi Weinan,
>
> The AWS load balancer sends an X-Forwarded-Proto header to the Jboss
> server in the backend, which Jboss is able to use if I add this valve and
> option to my jboss-web.xml:
>      <valve>
>          <class-name>org.apache.catalina.valves.RemoteIpValve</class-name>
>          <param>
>              <param-name>protocolHeader</param-name>
>              <param-value>x-forwarded-proto</param-value>
>          </param>
>      </valve>
> This allows Jboss to handle the original https request, and Resteasy to
> proceed with proper authorization. Thanks for the help! The only issue I
> see now is that the Bearer token that I get back by using client
> credentials and BASIC auth does not expire when I set it to - even if I
> set it to 1 minute in the RestEasy settings. It is still allowed after
> it should have timed out. Is there another way that I should be setting
> or enforcing the token timeout?
>
> Thanks,
> James
>
>
> On Sat, Jan 25, 2014 at 6:07 AM, Weinan Li <l.wei...@gmail.com> wrote:
>
>     Hi James,
>
>     Sorry I’m not familiar with AWS load balancer. I know that mod_jk
>     supports passing client SSL information to backend JBoss server and
>     the application in JBoss server could use the information to do
>     their work. And mod_jk is using standard AJPv13 protocol to forward
>     the client SSL information to backend JBoss servers. If AWS load
>     balancer supports AJPv13 protocol, it should also be able to pass
>     the SSL information to JBoss.
>
>     --
>     Weinan Li
>
>
>     On Saturday, January 25, 2014 at 6:55 AM, james truty wrote:
>
>      > I am trying to use RestEasy in Jboss as a central auth server to
>     authenticate REST calls behind an AWS load balancer. Ideally, this
>     load balancer would communicate to the Jboss server over HTTP (not
>     https) as the SSL part is handled at the load balancer level before
>     hitting the auth server in the backend. In this case, the Jboss
>     server has no knowledge of the SSL Cert or the HTTPS request. Is it
>     possible to use RestEasy for auth in this scenario? Without the SSL
>     connector configured through JBoss, I don't have access to the
>     necessary OAUTH urls.
>      >
>      > Thanks,
>      > James
>      >

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
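
The behaviour described in the reply at the top of this message, where an authenticated HTTP session keeps working after the bearer token's lifetime has passed, can be bounded by checking the token's expiry on every request. The servlet filter below is an added example, not code from this thread or from RESTEasy; it assumes the application's login code records the token's expiry (epoch seconds) in the session, and the attribute name `example.token.exp` is hypothetical.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

/**
 * Added example: ends an authenticated HTTP session once the bearer token
 * that created it has expired, instead of relying on session-timeout alone.
 * ASSUMPTION: login code stores the token expiry (epoch seconds, as a Long)
 * in the session under TOKEN_EXP_ATTR. The name is hypothetical.
 */
public class TokenExpiryFilter implements Filter {
    static final String TOKEN_EXP_ATTR = "example.token.exp"; // hypothetical

    /** Pure decision function, kept separate so it can be unit-tested. */
    static boolean isExpired(Object expAttr, long nowEpochSeconds) {
        if (!(expAttr instanceof Long)) {
            return true; // fail closed: authenticated session with no recorded expiry
        }
        return nowEpochSeconds >= (Long) expAttr;
    }

    @Override public void init(FilterConfig cfg) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        HttpSession session = http.getSession(false); // never create a session here
        boolean authenticated = http.getUserPrincipal() != null;
        long now = System.currentTimeMillis() / 1000L;

        if (authenticated && session != null
                && isExpired(session.getAttribute(TOKEN_EXP_ATTR), now)) {
            // Drop the cached authentication so the next request must present
            // a fresh, unexpired token.
            session.invalidate();
            ((HttpServletResponse) res).sendError(
                    HttpServletResponse.SC_UNAUTHORIZED, "token expired");
            return;
        }
        chain.doFilter(req, res);
    }
}
```

The filter has to be mapped in `web.xml` over the protected URL patterns; setting the application's `session-timeout` no longer than the token lifetime narrows the same gap without code.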
