
Re: [Aerogear-dev] AeroGear Security - call for participation



Hi Pete, just to make sure that we're on the same page, answers inline.

On Monday, July 30, 2012 at 8:27 AM, Pete Muir wrote:

Looks good Bruno.

As discussed on security-dev, DeltaSpike will probably provide:

* a lightweight authorization API (e.g. for REST endpoints, aerogear controller endpoints etc). This is implemented as a CDI interceptor, and delegates all work to its SPI,
Do you mean something like SecurityInterceptor + annotation bindings?  https://github.com/apache/incubator-deltaspike/blob/5e4a7eb4de01004206f24ae22b9850e643bffe54/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecurityInterceptor.java
* we would probably want to write some extra integration for aerogear-controller and RESTEasy. This would allow us to do stuff like put the request and response in the InvocationContext. We might also want to add some support for wrapping any exceptions thrown in the right JAX-RS exception, adding response headers etc.

Do you have an example? I've been working on the integration with aerogear-controller and of course I'm interested in it.
 
* I would suggest using a security binding, rather than @Secured, as this is somewhat more powerful.
Something like this? https://github.com/aerogear/aerogear-controller-demo/blob/deltaspike/src/main/java/org/jboss/aerogear/controller/demo/idm/annotation/CustomSecurityBinding.java
 
* a lightweight authentication API, which could be used by your REST endpoints for login/logout, perhaps with some auto-population of credentials.
Does DeltaSpike currently provide it? Let me know.

On 27 Jul 2012, at 23:11, Bruno Oliveira wrote:

Hi folks,

We've been discussing a lot about security on the server side this week and I would like to hear some feedback about the document below before going into more specific implementation details.


Have a nice reading! :)
--
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile