directory-fortress mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Shawn McKinney <smckin...@apache.org>
Subject Re: JASPIC realm
Date Fri, 18 Aug 2017 14:04:47 GMT
Hey Steve,

was hoping you were going to chime in.  

As starting point, there’s this:
https://github.com/javaee-security-spec/security-examples/tree/master/simple-jaspic-example

which then should work with Tomcat’s jaspic:
https://tomcat.apache.org/tomcat-9.0-doc/config/jaspic.html.

Next, we map it back to the fortress APIs, similar to how the fortress tomcat realm works.

I like the idea of supporting wildfly and mapping roles to permissions as config options.
 Perhaps we could make the authN pluggable as well to support your cosign req's.  That way
penn state could elect to use the (new) fortress jaspic library but wouldn’t require a donation
of their current library.

There also JSR-375 coming down the pike which sounds really interesting to and should be considered
by us.
https://github.com/javaee/security-soteria

Thanks,
Shawn

> On Aug 18, 2017, at 7:51 AM, Steve Moyer <smoyer@psu.edu> wrote:
> 
> Shawn,
> 
> We are currently using a JASPIC solution here at Penn State.  Chris (Harm) describes
it more as a framework and there are certainly peculiarities that are specific to our organization
(e.g.  Using Cosign as the authentication server, Wildfly-specific configuration and the mapping
of Fortress permissions to Java EE roles).  We'd be happy to donate this code - at least to
give the project a boost but we'd have to talk through how this could be accomplished generically.
> 
> Steve


Mime
View raw message