Consider support for the Servlet profile of JSR 196 (JASPIC) in TomEE

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
21 messages Options
12
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Consider support for the Servlet profile of JSR 196 (JASPIC) in TomEE

Ron Monzillo
TomEE Experts,

The Servlet Profile of JSR 196 defines the use of the JASPIC SPI in
support of the portable integration
of new and/or custom authentication mechanisms in compatible Servlet
containers.

The Profile is a required component of all Full Platform EE Web
Containers, and we are receiving requests
for the profile to become a required component of the EE web profile. To
that end, we are contacting
standalone and EE web profile Servlet containers to determine if there
is interest in adopting the profile.

For those unfamiliar with JASPIC, the SPI is a general purpose facility
that applies the concepts of pluggable
authentication as defined by PAM and JAAS to the realm of message
authentication. The Servlet profile applies
the SPI to the realm of HttpServletRequest message authentication in the
context of servlet security constraint
processing. The SPI was defined to support complex challenge response
authentication protocols, and has
been shown to be an effective means to integrate portable
implementations of new internet authentication
mechanisms (e.g. Facebook Connect, and SAML WEB SSO) in compatible
Servlet containers.

Does the TomEE community support the inclusion of the Servlet profile of
JSR 196 in the EE web Profile?

thanks,

Ron Monzillo

------
More details:

The requirements of the profile are spelled out in chapter 3 of the
JASPIC specification:

http://download.oracle.com/otndocs/jcp/jaspic-1.0-mrel-eval-oth-JSpec/

and use of the SPI is described in high level terms in the javadoc:
which can be accessed at:

http://docs.oracle.com/javaee/6/api/javax/security/auth/message/config/package-frame.html 


Support for the profile by a servlet container mostly amounts to making
a few calls to the spi in the
context of the processing of servlet requests. The pattern is basically
as follows:

// determine if a pluggable auth module is configured for the current
application
AuthConfigProvider provider =
AuthConfigFactory.getFactory().getConfigProvider("HttpServlet",appID,listener);

if (provider != null) {
    /if yes, get the server side configuration provider that applies to
the application

     ServerAuthConfig config =
provider.getServerAuthConfig("HttpServlet",appID,cbh);

     // for each request to the application
     // get the configuration of authentication modules that applies to
the request

     messageInfo.setRequestMessage(httpServletRequest);
     messageInfo.setResponseMessage(httpServletResponse);
     String authContextID = config.getAuthContextID(messageInfo);
     ServerAuthContext context =
config.getAuthContext(authContextID,serviceSubject,properties);

     // invoke validateRequest on the module configuration; which will
invoke the configured auth modules

     AuthStatus status =
context.validateRequest(messageInfo,clientSubject,serviceSubject);

     if (status == AuthStatus.SUCCESS) {
         // Use the proprietary interfaces of the container to set the
userPrincipal on the request
         // proceed to authorize and invoke the servlet request as
appropriate
     } else {
         // extract the response from messageInfo and return (it may be
a challenge or an error message,
         // and will have been established by the auth module
     }
} else {
    // do what the container would do in the absense of jsr 196
}

------

I noticed that TomEE includes support for connector, A related use of
the JASPIC spi is in connector, where
the connector inflow contract requires the use of the JASPIC
CallerPrincipalCallback by the resource adapter
to set an authentication identity of the inflow.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Consider support for the Servlet profile of JSR 196 (JASPIC) in TomEE

David Blevins-2
Hi Ron,

I saw the note on the Java EE 7 EG and haven't had the bandwidth to investigate and respond.  Your note is fantastic, especially the code snippet.

You mention Facebook Connect, which is interesting.  Is there a Facebook Connect JASPIC Provider?  If so, where is the code for that?  If you have links on where to get other providers, that helps too.

My hesitation for immediately and blindly saying "yes" to its inclusion in the Web Profile is simply because Java EE is full of incomplete security APIs few people use and for which there are even fewer to no providers.  I don't know if this describes JASPIC, but it has been out there for a major spec revision and it's not immediately clear if it has that "can't live without" quality I expect in a Web Profile spec.

Cc'ing Markus as he was the one who brought it up on JavaEE 7.  I suspect he might have some thoughts on what makes it a good candidate for the Web Profile.

Certainly, we can support it in TomEE+ at some point.


-David

On Jan 30, 2013, at 4:03 PM, Ron Monzillo <[hidden email]> wrote:

> TomEE Experts,
>
> The Servlet Profile of JSR 196 defines the use of the JASPIC SPI in support of the portable integration
> of new and/or custom authentication mechanisms in compatible Servlet containers.
>
> The Profile is a required component of all Full Platform EE Web Containers, and we are receiving requests
> for the profile to become a required component of the EE web profile. To that end, we are contacting
> standalone and EE web profile Servlet containers to determine if there is interest in adopting the profile.
>
> For those unfamiliar with JASPIC, the SPI is a general purpose facility that applies the concepts of pluggable
> authentication as defined by PAM and JAAS to the realm of message authentication. The Servlet profile applies
> the SPI to the realm of HttpServletRequest message authentication in the context of servlet security constraint
> processing. The SPI was defined to support complex challenge response authentication protocols, and has
> been shown to be an effective means to integrate portable implementations of new internet authentication
> mechanisms (e.g. Facebook Connect, and SAML WEB SSO) in compatible Servlet containers.
>
> Does the TomEE community support the inclusion of the Servlet profile of JSR 196 in the EE web Profile?
>
> thanks,
>
> Ron Monzillo
>
> ------
> More details:
>
> The requirements of the profile are spelled out in chapter 3 of the JASPIC specification:
>
> http://download.oracle.com/otndocs/jcp/jaspic-1.0-mrel-eval-oth-JSpec/
>
> and use of the SPI is described in high level terms in the javadoc: which can be accessed at:
>
> http://docs.oracle.com/javaee/6/api/javax/security/auth/message/config/package-frame.html 
>
> Support for the profile by a servlet container mostly amounts to making a few calls to the spi in the
> context of the processing of servlet requests. The pattern is basically as follows:
>
> // determine if a pluggable auth module is configured for the current application
> AuthConfigProvider provider = AuthConfigFactory.getFactory().getConfigProvider("HttpServlet",appID,listener);
>
> if (provider != null) {
>   /if yes, get the server side configuration provider that applies to the application
>
>    ServerAuthConfig config = provider.getServerAuthConfig("HttpServlet",appID,cbh);
>
>    // for each request to the application
>    // get the configuration of authentication modules that applies to the request
>
>    messageInfo.setRequestMessage(httpServletRequest);
>    messageInfo.setResponseMessage(httpServletResponse);
>    String authContextID = config.getAuthContextID(messageInfo);
>    ServerAuthContext context = config.getAuthContext(authContextID,serviceSubject,properties);
>
>    // invoke validateRequest on the module configuration; which will invoke the configured auth modules
>
>    AuthStatus status = context.validateRequest(messageInfo,clientSubject,serviceSubject);
>
>    if (status == AuthStatus.SUCCESS) {
>        // Use the proprietary interfaces of the container to set the userPrincipal on the request
>        // proceed to authorize and invoke the servlet request as appropriate
>    } else {
>        // extract the response from messageInfo and return (it may be a challenge or an error message,
>        // and will have been established by the auth module
>    }
> } else {
>   // do what the container would do in the absense of jsr 196
> }
>
> ------
>
> I noticed that TomEE includes support for connector, A related use of the JASPIC spi is in connector, where
> the connector inflow contract requires the use of the JASPIC CallerPrincipalCallback by the resource adapter
> to set an authentication identity of the inflow.

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Consider support for the Servlet profile of JSR 196 (JASPIC) in TomEE

Romain Manni-Bucau
Hi,

Personally i find it a bit too complicated compared to some not javaee
alternative to be a choice for the future.

Today something based on CDI sounds really more reasonable.

My 2cts...
Le 31 janv. 2013 05:45, "David Blevins" <[hidden email]> a écrit :

> Hi Ron,
>
> I saw the note on the Java EE 7 EG and haven't had the bandwidth to
> investigate and respond.  Your note is fantastic, especially the code
> snippet.
>
> You mention Facebook Connect, which is interesting.  Is there a Facebook
> Connect JASPIC Provider?  If so, where is the code for that?  If you have
> links on where to get other providers, that helps too.
>
> My hesitation for immediately and blindly saying "yes" to its inclusion in
> the Web Profile is simply because Java EE is full of incomplete security
> APIs few people use and for which there are even fewer to no providers.  I
> don't know if this describes JASPIC, but it has been out there for a major
> spec revision and it's not immediately clear if it has that "can't live
> without" quality I expect in a Web Profile spec.
>
> Cc'ing Markus as he was the one who brought it up on JavaEE 7.  I suspect
> he might have some thoughts on what makes it a good candidate for the Web
> Profile.
>
> Certainly, we can support it in TomEE+ at some point.
>
>
> -David
>
> On Jan 30, 2013, at 4:03 PM, Ron Monzillo <[hidden email]> wrote:
>
> > TomEE Experts,
> >
> > The Servlet Profile of JSR 196 defines the use of the JASPIC SPI in
> support of the portable integration
> > of new and/or custom authentication mechanisms in compatible Servlet
> containers.
> >
> > The Profile is a required component of all Full Platform EE Web
> Containers, and we are receiving requests
> > for the profile to become a required component of the EE web profile. To
> that end, we are contacting
> > standalone and EE web profile Servlet containers to determine if there
> is interest in adopting the profile.
> >
> > For those unfamiliar with JASPIC, the SPI is a general purpose facility
> that applies the concepts of pluggable
> > authentication as defined by PAM and JAAS to the realm of message
> authentication. The Servlet profile applies
> > the SPI to the realm of HttpServletRequest message authentication in the
> context of servlet security constraint
> > processing. The SPI was defined to support complex challenge response
> authentication protocols, and has
> > been shown to be an effective means to integrate portable
> implementations of new internet authentication
> > mechanisms (e.g. Facebook Connect, and SAML WEB SSO) in compatible
> Servlet containers.
> >
> > Does the TomEE community support the inclusion of the Servlet profile of
> JSR 196 in the EE web Profile?
> >
> > thanks,
> >
> > Ron Monzillo
> >
> > ------
> > More details:
> >
> > The requirements of the profile are spelled out in chapter 3 of the
> JASPIC specification:
> >
> > http://download.oracle.com/otndocs/jcp/jaspic-1.0-mrel-eval-oth-JSpec/
> >
> > and use of the SPI is described in high level terms in the javadoc:
> which can be accessed at:
> >
> >
> http://docs.oracle.com/javaee/6/api/javax/security/auth/message/config/package-frame.html
> >
> > Support for the profile by a servlet container mostly amounts to making
> a few calls to the spi in the
> > context of the processing of servlet requests. The pattern is basically
> as follows:
> >
> > // determine if a pluggable auth module is configured for the current
> application
> > AuthConfigProvider provider =
> AuthConfigFactory.getFactory().getConfigProvider("HttpServlet",appID,listener);
> >
> > if (provider != null) {
> >   /if yes, get the server side configuration provider that applies to
> the application
> >
> >    ServerAuthConfig config =
> provider.getServerAuthConfig("HttpServlet",appID,cbh);
> >
> >    // for each request to the application
> >    // get the configuration of authentication modules that applies to
> the request
> >
> >    messageInfo.setRequestMessage(httpServletRequest);
> >    messageInfo.setResponseMessage(httpServletResponse);
> >    String authContextID = config.getAuthContextID(messageInfo);
> >    ServerAuthContext context =
> config.getAuthContext(authContextID,serviceSubject,properties);
> >
> >    // invoke validateRequest on the module configuration; which will
> invoke the configured auth modules
> >
> >    AuthStatus status =
> context.validateRequest(messageInfo,clientSubject,serviceSubject);
> >
> >    if (status == AuthStatus.SUCCESS) {
> >        // Use the proprietary interfaces of the container to set the
> userPrincipal on the request
> >        // proceed to authorize and invoke the servlet request as
> appropriate
> >    } else {
> >        // extract the response from messageInfo and return (it may be a
> challenge or an error message,
> >        // and will have been established by the auth module
> >    }
> > } else {
> >   // do what the container would do in the absense of jsr 196
> > }
> >
> > ------
> >
> > I noticed that TomEE includes support for connector, A related use of
> the JASPIC spi is in connector, where
> > the connector inflow contract requires the use of the JASPIC
> CallerPrincipalCallback by the resource adapter
> > to set an authentication identity of the inflow.
>
>
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Consider support for the Servlet profile of JSR 196 (JASPIC) in TomEE

Ron Monzillo
In reply to this post by David Blevins-2
On 1/30/13 11:44 PM, David Blevins wrote:

> Hi Ron,
>
> I saw the note on the Java EE 7 EG and haven't had the bandwidth to investigate and respond.  Your note is fantastic, especially the code snippet.
>
> You mention Facebook Connect, which is interesting.  Is there a Facebook Connect JASPIC Provider?  If so, where is the code for that?  If you have links on where to get other providers, that helps too.
>
> My hesitation for immediately and blindly saying "yes" to its inclusion in the Web Profile is simply because Java EE is full of incomplete security APIs few people use and for which there are even fewer to no providers.  I don't know if this describes JASPIC, but it has been out there for a major spec revision and it's not immediately clear if it has that "can't live without" quality I expect in a Web Profile spec.
>
> Cc'ing Markus as he was the one who brought it up on JavaEE 7.  I suspect he might have some thoughts on what makes it a good candidate for the Web Profile.
>
> Certainly, we can support it in TomEE+ at some point.
Hi David,

Thanks for the quick response and your willingness to consider support
for JASPIC.

To your question about existing auth modules, and configuration
providers; one area where we have been
working to develop and publish such examples is in the Nobis Open source
project; which is the reference
implementation for JSR 351, the Identity Api. The Identity Api addresses
use cases where an authentication
agent binds access to the identity attributes of the user; thus the
present of jsr 196 agents within the java.net
project of the RI.

http://java.net/projects/nobis
http://java.net/projects/identity-api-spec

Nobis has various components, and the JSR 196 related components are
available under

http://java.net/projects/nobis/sources/git/show/Nobis/authentication

where you can find

http://java.net/projects/nobis/sources/git/show/Nobis/authentication/facebook-relying-party?rev=c7ef9b46801f968564b56076ce6cd5784447c5c0
http://java.net/projects/nobis/sources/git/show/Nobis/authentication/saml-relying-party?rev=c7ef9b46801f968564b56076ce6cd5784447c5c0

In their current form I would characterize both of the above as "proof
of concept", although we fully expect them to be refined such that they
can be widely adopted.

Nobis also includes some utilities and base classes to facilitate the
development of auth modules, and we have also developed a
portable AuthConfigFactory and JAAS based AuthConfigProvider which we
will also be submitted to Nobis. We will also be adding
more documentation to describe the use and configuration of the factory,
the JAAS config provider, and of each of the auth modules.

As Markus has shown, there are also various other places where auth
modules are being developed and made available.

I like you idea of a litmus test for inclusion in the web profile. I
look at it this way. The current required to be supported Servlet
authentication
mechanisms are mostly inadequate, if not completely inappropriate. One
problem they share, is that they all place the
Servlet container on the path between the user and the password
validation service, such that whenever a user is required to authenticate
with a web app, the user must pass its password through the Servlet
container on to the password validation service or realm; which
means that every app that requires us to authenticate, represents a site
where a uer password can be exposed, or misappropriated.
Conversely, its not like we can just add to the list of required to be
supported mechanisms, since fixing this problem mostly amounts
to there being 3rd party identity services that our users can expect our
application servers to accept as authentication authorities, and
the landscape of authentication authorities and the authentication
dialogs that they require is an evolving landscape. In this context,
what the platform needs is an ability to integrate agents of such
identity services (e.g., authentication modules); which is what the Servlet
Profile of JSR 196 makes possible (in a manner that is fully integrated
with Servlet's declarative authorization model).

Ron

>
> -David
>
> On Jan 30, 2013, at 4:03 PM, Ron Monzillo<[hidden email]>  wrote:
>
>> TomEE Experts,
>>
>> The Servlet Profile of JSR 196 defines the use of the JASPIC SPI in support of the portable integration
>> of new and/or custom authentication mechanisms in compatible Servlet containers.
>>
>> The Profile is a required component of all Full Platform EE Web Containers, and we are receiving requests
>> for the profile to become a required component of the EE web profile. To that end, we are contacting
>> standalone and EE web profile Servlet containers to determine if there is interest in adopting the profile.
>>
>> For those unfamiliar with JASPIC, the SPI is a general purpose facility that applies the concepts of pluggable
>> authentication as defined by PAM and JAAS to the realm of message authentication. The Servlet profile applies
>> the SPI to the realm of HttpServletRequest message authentication in the context of servlet security constraint
>> processing. The SPI was defined to support complex challenge response authentication protocols, and has
>> been shown to be an effective means to integrate portable implementations of new internet authentication
>> mechanisms (e.g. Facebook Connect, and SAML WEB SSO) in compatible Servlet containers.
>>
>> Does the TomEE community support the inclusion of the Servlet profile of JSR 196 in the EE web Profile?
>>
>> thanks,
>>
>> Ron Monzillo
>>
>> ------
>> More details:
>>
>> The requirements of the profile are spelled out in chapter 3 of the JASPIC specification:
>>
>> http://download.oracle.com/otndocs/jcp/jaspic-1.0-mrel-eval-oth-JSpec/
>>
>> and use of the SPI is described in high level terms in the javadoc: which can be accessed at:
>>
>> http://docs.oracle.com/javaee/6/api/javax/security/auth/message/config/package-frame.html
>>
>> Support for the profile by a servlet container mostly amounts to making a few calls to the spi in the
>> context of the processing of servlet requests. The pattern is basically as follows:
>>
>> // determine if a pluggable auth module is configured for the current application
>> AuthConfigProvider provider = AuthConfigFactory.getFactory().getConfigProvider("HttpServlet",appID,listener);
>>
>> if (provider != null) {
>>    /if yes, get the server side configuration provider that applies to the application
>>
>>     ServerAuthConfig config = provider.getServerAuthConfig("HttpServlet",appID,cbh);
>>
>>     // for each request to the application
>>     // get the configuration of authentication modules that applies to the request
>>
>>     messageInfo.setRequestMessage(httpServletRequest);
>>     messageInfo.setResponseMessage(httpServletResponse);
>>     String authContextID = config.getAuthContextID(messageInfo);
>>     ServerAuthContext context = config.getAuthContext(authContextID,serviceSubject,properties);
>>
>>     // invoke validateRequest on the module configuration; which will invoke the configured auth modules
>>
>>     AuthStatus status = context.validateRequest(messageInfo,clientSubject,serviceSubject);
>>
>>     if (status == AuthStatus.SUCCESS) {
>>         // Use the proprietary interfaces of the container to set the userPrincipal on the request
>>         // proceed to authorize and invoke the servlet request as appropriate
>>     } else {
>>         // extract the response from messageInfo and return (it may be a challenge or an error message,
>>         // and will have been established by the auth module
>>     }
>> } else {
>>    // do what the container would do in the absense of jsr 196
>> }
>>
>> ------
>>
>> I noticed that TomEE includes support for connector, A related use of the JASPIC spi is in connector, where
>> the connector inflow contract requires the use of the JASPIC CallerPrincipalCallback by the resource adapter
>> to set an authentication identity of the inflow.

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Consider support for the Servlet profile of JSR 196 (JASPIC) in TomEE

Ron Monzillo
In reply to this post by Romain Manni-Bucau
On 1/31/13 1:14 AM, Romain Manni-Bucau wrote:
> Hi,
>
> Personally i find it a bit too complicated compared to some not javaee
> alternative to be a choice for the future.
>
> Today something based on CDI sounds really more reasonable.

Hi Romain,

I agree that there is some complexity in the spi; however, most of that
is carried
by parties other than the auth module developer.

For example the spi supports 3 dimensions of pluggability.

The AuthConfigFactory - the mapping of layer and applications to
configuration providers;
when no such mapping exists for an app (at a layer), jsr 196 is not
configured for the app at
that layer. All web containers can use a common portable
AuthConfigFactory, but most containers
prefer to provide their own factory that is well integrated with their
proprietary configuration systems.
In any event development of an AuthConfigFactory when done represents
complexity that the
container developer chooses to take on and takes responsability for.

The AuthConfigProvider- provided  configuration objects that define the
auth module configurations for an
app at a layer. Depending on the AuthConfigProvider, it may define
different auth module configurations
for different requests to the app at the layer. Web Containers have
typically developed proprietary AuthCOnfigProviders
that interpret module configuration attributes in proprietary deployment
descriptors. Portable AuthConfigProviders
such as the JASS AuthConfigProvider, I mentioned previously are also
available. Once developed these providers can
be registered in any AuthConfigFactory, where that enable the use of the
widely known jass configuration syntax to
configure authentication modules for web applications.

The AuthModule - this is the component that embodies the authentication
mechanism implementation; and should
be the only thing that the authentication mechanism developer needs to
focus on. FWIW, the feedback that we have
received in this regard, is that implementing an authentication module
is relatively straight forward (and in most case
much simpler than other alternatives). In Most cases, this amounts to
implementing 2 methods, init, and validateRequest.

On the side of the container runtime, there is also some work to do; and
that basically amounts to 2 tasks.

1. put the calls to the spi in the container runtime (as shown in my
prior message)
2. develop a callback handler that can handle the callbacks required to
be supported by the profile.

Ron

>
> My 2cts...
> Le 31 janv. 2013 05:45, "David Blevins"<[hidden email]>  a écrit :
>
>> Hi Ron,
>>
>> I saw the note on the Java EE 7 EG and haven't had the bandwidth to
>> investigate and respond.  Your note is fantastic, especially the code
>> snippet.
>>
>> You mention Facebook Connect, which is interesting.  Is there a Facebook
>> Connect JASPIC Provider?  If so, where is the code for that?  If you have
>> links on where to get other providers, that helps too.
>>
>> My hesitation for immediately and blindly saying "yes" to its inclusion in
>> the Web Profile is simply because Java EE is full of incomplete security
>> APIs few people use and for which there are even fewer to no providers.  I
>> don't know if this describes JASPIC, but it has been out there for a major
>> spec revision and it's not immediately clear if it has that "can't live
>> without" quality I expect in a Web Profile spec.
>>
>> Cc'ing Markus as he was the one who brought it up on JavaEE 7.  I suspect
>> he might have some thoughts on what makes it a good candidate for the Web
>> Profile.
>>
>> Certainly, we can support it in TomEE+ at some point.
>>
>>
>> -David
>>
>> On Jan 30, 2013, at 4:03 PM, Ron Monzillo<[hidden email]>  wrote:
>>
>>> TomEE Experts,
>>>
>>> The Servlet Profile of JSR 196 defines the use of the JASPIC SPI in
>> support of the portable integration
>>> of new and/or custom authentication mechanisms in compatible Servlet
>> containers.
>>> The Profile is a required component of all Full Platform EE Web
>> Containers, and we are receiving requests
>>> for the profile to become a required component of the EE web profile. To
>> that end, we are contacting
>>> standalone and EE web profile Servlet containers to determine if there
>> is interest in adopting the profile.
>>> For those unfamiliar with JASPIC, the SPI is a general purpose facility
>> that applies the concepts of pluggable
>>> authentication as defined by PAM and JAAS to the realm of message
>> authentication. The Servlet profile applies
>>> the SPI to the realm of HttpServletRequest message authentication in the
>> context of servlet security constraint
>>> processing. The SPI was defined to support complex challenge response
>> authentication protocols, and has
>>> been shown to be an effective means to integrate portable
>> implementations of new internet authentication
>>> mechanisms (e.g. Facebook Connect, and SAML WEB SSO) in compatible
>> Servlet containers.
>>> Does the TomEE community support the inclusion of the Servlet profile of
>> JSR 196 in the EE web Profile?
>>> thanks,
>>>
>>> Ron Monzillo
>>>
>>> ------
>>> More details:
>>>
>>> The requirements of the profile are spelled out in chapter 3 of the
>> JASPIC specification:
>>> http://download.oracle.com/otndocs/jcp/jaspic-1.0-mrel-eval-oth-JSpec/
>>>
>>> and use of the SPI is described in high level terms in the javadoc:
>> which can be accessed at:
>>>
>> http://docs.oracle.com/javaee/6/api/javax/security/auth/message/config/package-frame.html
>>> Support for the profile by a servlet container mostly amounts to making
>> a few calls to the spi in the
>>> context of the processing of servlet requests. The pattern is basically
>> as follows:
>>> // determine if a pluggable auth module is configured for the current
>> application
>>> AuthConfigProvider provider =
>> AuthConfigFactory.getFactory().getConfigProvider("HttpServlet",appID,listener);
>>> if (provider != null) {
>>>    /if yes, get the server side configuration provider that applies to
>> the application
>>>     ServerAuthConfig config =
>> provider.getServerAuthConfig("HttpServlet",appID,cbh);
>>>     // for each request to the application
>>>     // get the configuration of authentication modules that applies to
>> the request
>>>     messageInfo.setRequestMessage(httpServletRequest);
>>>     messageInfo.setResponseMessage(httpServletResponse);
>>>     String authContextID = config.getAuthContextID(messageInfo);
>>>     ServerAuthContext context =
>> config.getAuthContext(authContextID,serviceSubject,properties);
>>>     // invoke validateRequest on the module configuration; which will
>> invoke the configured auth modules
>>>     AuthStatus status =
>> context.validateRequest(messageInfo,clientSubject,serviceSubject);
>>>     if (status == AuthStatus.SUCCESS) {
>>>         // Use the proprietary interfaces of the container to set the
>> userPrincipal on the request
>>>         // proceed to authorize and invoke the servlet request as
>> appropriate
>>>     } else {
>>>         // extract the response from messageInfo and return (it may be a
>> challenge or an error message,
>>>         // and will have been established by the auth module
>>>     }
>>> } else {
>>>    // do what the container would do in the absense of jsr 196
>>> }
>>>
>>> ------
>>>
>>> I noticed that TomEE includes support for connector, A related use of
>> the JASPIC spi is in connector, where
>>> the connector inflow contract requires the use of the JASPIC
>> CallerPrincipalCallback by the resource adapter
>>> to set an authentication identity of the inflow.
>>

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Consider support for the Servlet profile of JSR 196 (JASPIC) in TomEE

Arjan Tijms
In reply to this post by David Blevins-2
Hi David,

David Blevins-2 wrote
You mention Facebook Connect, which is interesting.  Is there a Facebook Connect JASPIC Provider?  If so, where is the code for that?  If you have links on where to get other providers, that helps too.
We have created a Facebook Connect JASPIC auth module (typically called SAM) for the OmniSecurity project (a spinoff of OmniFaces), at https://code.google.com/p/omnisecurity

It's actually a generic OAuth SAM that also supports Twitter, Google+, LinkedIn, etc. See the source at: https://code.google.com/p/omnisecurity/source/browse/src/org/omnifaces/security/jaspic/SocialServerAuthModule.java

One thing to note is that we wanted to use CDI so the application can provide a bean that's given the opportunity to create a local user whenever someone authenticates with e.g. Facebook. This is something JASPIC does not (yet) support so we had to work around that a little.

David Blevins-2 wrote
My hesitation for immediately and blindly saying "yes" to its inclusion in the Web Profile is simply because Java EE is full of incomplete security APIs few people use and for which there are even fewer to no providers.  I don't know if this describes JASPIC, but it has been out there for a major spec revision and it's not immediately clear if it has that "can't live without" quality I expect in a Web Profile spec.
I totally agree with you about the incomplete security APIs.

By far the number one complaint I hear about Java EE is its security system and how it all comes together. Obviously people are not happy with it. Improvement has to happen somewhere and after working with JASPIC for over a year now I'm convinced it's a very important stepping stone to a much better and better integrated security system in Java EE.

What's IMHO really holding JASPIC back at the moment is that only full Java EE implementations support it, which means you just can't really speak of truly portable auth modules. I think TomEE is one of the most important servers at the moment, so it not supporting JASPIC leaves a big gap.

It really would be awesome if TomEE could support it. If you need any help with the implementation I'm more than happy to volunteer.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Consider support for the Servlet profile of JSR 196 (JASPIC) in TomEE

Arjan Tijms
In reply to this post by Romain Manni-Bucau
Romain Manni-Bucau wrote
Personally i find it a bit too complicated compared to some not javaee
alternative to be a choice for the future.

Today something based on CDI sounds really more reasonable.
Well, the actual server auth module (SAM) interface really is not that complicated to use. For the author of such module it's not that different from a plain Servlet Filter, with the major difference that you can hand the container a username and a bunch of roles.

For intercepting a request, redirecting to a new page etc this works really well.

Of course at some point the actual user data has to be loaded from somewhere and for this CDI would be perfect. JASPIC doesn't support it yet, but there's an issue created for this already: https://java.net/jira/browse/JASPIC_SPEC-14

At the moment JASPIC does support delegating the actual loading of the user and roles to a JAAS login module, but as we all know JAAS is complex and was never really intended for the kind of use cases that are typical in Java EE. An alternative "login module/realm/whatever you wanna call it" based on CDI would be a much better and modern solution.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Consider support for the Servlet profile of JSR 196 (JASPIC) in TomEE

David Blevins-2
In reply to this post by Arjan Tijms

On Aug 13, 2013, at 3:24 PM, Arjan Tijms <[hidden email]> wrote:

> By far the number one complaint I hear about Java EE is its security system
> and how it all comes together. Obviously people are not happy with it.
> Improvement has to happen somewhere and after working with JASPIC for over a
> year now I'm convinced it's a very important stepping stone to a much better
> and better integrated security system in Java EE.
>
> What's IMHO really holding JASPIC back at the moment is that only full Java
> EE implementations support it, which means you just can't really speak of
> truly portable auth modules. I think TomEE is one of the most important
> servers at the moment, so it not supporting JASPIC leaves a big gap.
>
> It really would be awesome if TomEE could support it. If you need any help
> with the implementation I'm more than happy to volunteer.

Well, let's get you started then! :)

As David J mentioned in the thread on the Tomcat list, there's some code in Geronimo for implementing this in Tomcat that he thought would be a good addition to Tomcat.

We might try and get that code working in TomEE.

Before that I wonder if we want to start with something simple like hacking up an Aquillian test?  In terms of starting the flow of patches, we've never really had anyone take advantage of the mirrors on Github.  Might be fun to experiment with that -- if we get a CLA (Contributor License Agreement) for you, we could take advantage of pull requests.

Open to any other thoughts you might have on how to get the ball rolling.


-David

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Consider support for the Servlet profile of JSR 196 (JASPIC) in TomEE

Arjan Tijms
<quote author="David Blevins-2">
Before that I wonder if we want to start with something simple like hacking up an Aquillian test?
<quote>

I just started with one ;) See https://github.com/arjantijms/jaspic-capabilities-test I also wrote a blog post about this which is at http://arjan-tijms.blogspot.com/2013/08/testing-jaspic-implementations-using.html

David Blevins-2 wrote
Open to any other thoughts you might have on how to get the ball rolling.
I guess it would be best to finish up the Arquillian tests first. There's some important stuff that's not covered yet.

After that's done I could try to hack a little on the existing Geronimo implementation and then see how we can take it from there.

Kind regards,
Arjan Tijms
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Consider support for the Servlet profile of JSR 196 (JASPIC) in TomEE

Anthony Fryer
In reply to this post by Arjan Tijms
I was looking for exactly this functionality 2 weeks ago to use with TomEE.  I ended up having to write a tomcat AuthenticatorValve and a custom Realm class to implement the same thing you've done with your standard JASPIC implementation (using SocialAuth as you have done).  It would be great to have this, especially for the Social Authentication scenario.  Any situation where you want to access the HttpServletRequest and HttpServletResponse to perform redirects and callbacks in the authentication "work flow" would benefit from this.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Consider support for the Servlet profile of JSR 196 (JASPIC) in TomEE

Romain Manni-Bucau
Hi

answering there even if a bit old but google find this thread so
trying to keep threads consistent...

TomEE master is on Tomcat 8.5.x so inherits from Jaspic now.

Romain Manni-Bucau
@rmannibucau |  Blog | Github | LinkedIn | Tomitriber


2013-09-03 5:11 GMT+02:00 Anthony Fryer <[hidden email]>:

> I was looking for exactly this functionality 2 weeks ago to use with TomEE.
> I ended up having to write a tomcat AuthenticatorValve and a custom Realm
> class to implement the same thing you've done with your standard JASPIC
> implementation (using SocialAuth as you have done).  It would be great to
> have this, especially for the Social Authentication scenario.  Any situation
> where you want to access the HttpServletRequest and HttpServletResponse to
> perform redirects and callbacks in the authentication "work flow" would
> benefit from this.
>
>
>
> --
> View this message in context: http://openejb.979440.n4.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-TomEE-tp4660480p4664957.html
> Sent from the OpenEJB Dev mailing list archive at Nabble.com.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Consider support for the Servlet profile of JSR 196 (JASPIC) in TomEE

Arjan Tijms
Very interesting, is JASPIC support also in Tomcat 8.5.x and not just in 9?

Is there a binary build of TomEE master with this available? I'll see if I can run the Java EE 7 samples against it to see how it does in practice ;)




On Fri, Mar 25, 2016 at 2:45 PM, Romain Manni-Bucau [via TomEE & OpenEJB] <[hidden email]> wrote:
Hi

answering there even if a bit old but google find this thread so
trying to keep threads consistent...

TomEE master is on Tomcat 8.5.x so inherits from Jaspic now.

Romain Manni-Bucau
@rmannibucau |  Blog | Github | LinkedIn | Tomitriber


2013-09-03 5:11 GMT+02:00 Anthony Fryer <[hidden email]>:

> I was looking for exactly this functionality 2 weeks ago to use with TomEE.
> I ended up having to write a tomcat AuthenticatorValve and a custom Realm
> class to implement the same thing you've done with your standard JASPIC
> implementation (using SocialAuth as you have done).  It would be great to
> have this, especially for the Social Authentication scenario.  Any situation
> where you want to access the HttpServletRequest and HttpServletResponse to
> perform redirects and callbacks in the authentication "work flow" would
> benefit from this.
>
>
>
> --
> View this message in context: http://openejb.979440.n4.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-TomEE-tp4660480p4664957.html
> Sent from the OpenEJB Dev mailing list archive at Nabble.com.



To unsubscribe from Consider support for the Servlet profile of JSR 196 (JASPIC) in TomEE, click here.
NAML

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Consider support for the Servlet profile of JSR 196 (JASPIC) in TomEE

Romain Manni-Bucau
Le 26 mars 2016 23:28, "Arjan Tijms" <[hidden email]> a écrit :
>
> Very interesting, is JASPIC support also in Tomcat 8.5.x and not just in
9?
>

Yes

> Is there a binary build of TomEE master with this available? I'll see if I
> can run the Java EE 7 samples against it to see how it does in practice ;)
>
>

Normally master is deployed each night but sometimes it doesnt work so
should be.

Ran some ee samples but some of them are not portable or rely too much on
proprietary features. Will try to push my tomee branch next week.

>
>
> On Fri, Mar 25, 2016 at 2:45 PM, Romain Manni-Bucau [via TomEE & OpenEJB]
<

> [hidden email]> wrote:
>
> > Hi
> >
> > answering there even if a bit old but google find this thread so
> > trying to keep threads consistent...
> >
> > TomEE master is on Tomcat 8.5.x so inherits from Jaspic now.
> >
> > Romain Manni-Bucau
> > @rmannibucau |  Blog | Github | LinkedIn | Tomitriber
> >
> >
> > 2013-09-03 5:11 GMT+02:00 Anthony Fryer <[hidden email]
> > <http:///user/SendEmail.jtp?type=node&node=4677971&i=0>>:
> >
> > > I was looking for exactly this functionality 2 weeks ago to use with
> > TomEE.
> > > I ended up having to write a tomcat AuthenticatorValve and a custom
> > Realm
> > > class to implement the same thing you've done with your standard
JASPIC
> > > implementation (using SocialAuth as you have done).  It would be great
> > to
> > > have this, especially for the Social Authentication scenario.  Any
> > situation
> > > where you want to access the HttpServletRequest and
HttpServletResponse
> > to
> > > perform redirects and callbacks in the authentication "work flow"
would
> > > benefit from this.
> > >
> > >
> > >
> > > --
> > > View this message in context:
> >
http://openejb.979440.n4.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-TomEE-tp4660480p4664957.html
> > > Sent from the OpenEJB Dev mailing list archive at Nabble.com.
> >
> >
> > ------------------------------
> > If you reply to this email, your message will be added to the discussion
> > below:
> >
> >
http://tomee-openejb.979440.n4.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-TomEE-tp4660480p4677971.html
> > To unsubscribe from Consider support for the Servlet profile of JSR 196
> > (JASPIC) in TomEE, click here
> > <

> > .
> > NAML
> > <
http://tomee-openejb.979440.n4.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml
>
> >
>
>
>
>
> --
> View this message in context:
http://tomee-openejb.979440.n4.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-TomEE-tp4660480p4677972.html
> Sent from the TomEE Dev mailing list archive at Nabble.com.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Consider support for the Servlet profile of JSR 196 (JASPIC) in TomEE

Arjan Tijms
On Sun, Mar 27, 2016 at 11:33 AM, Romain Manni-Bucau [via TomEE & OpenEJB] <[hidden email]> wrote:
Normally master is deployed each night but sometimes it doesnt work so
should be.

Ok, thanks!
 

Ran some ee samples but some of them are not portable or rely too much on
proprietary features. Will try to push my tomee branch next week.

The JASPIC tests from the Java EE 7 samples project should be as portable as one can get. Some servers insist on activating JASPIC (Liberty, JBoss), or having proprietary group to role mapping in place (almost all servers except JBoss).

Or did you mean general EE samples from that project and not just the JASPIC ones? If so, a PR to make them more portable and remove reliance on proprietary features would be appreciated ;) 
 

>
>
> On Fri, Mar 25, 2016 at 2:45 PM, Romain Manni-Bucau [via TomEE & OpenEJB]
<

> [hidden email]> wrote:
>
> > Hi
> >
> > answering there even if a bit old but google find this thread so
> > trying to keep threads consistent...
> >
> > TomEE master is on Tomcat 8.5.x so inherits from Jaspic now.
> >
> > Romain Manni-Bucau
> > @rmannibucau |  Blog | Github | LinkedIn | Tomitriber
> >
> >
> > 2013-09-03 5:11 GMT+02:00 Anthony Fryer <[hidden email]
> > <http:///user/SendEmail.jtp?type=node&node=4677971&i=0>>:
> >

> > > I was looking for exactly this functionality 2 weeks ago to use with
> > TomEE.
> > > I ended up having to write a tomcat AuthenticatorValve and a custom
> > Realm
> > > class to implement the same thing you've done with your standard
JASPIC
> > > implementation (using SocialAuth as you have done).  It would be great
> > to
> > > have this, especially for the Social Authentication scenario.  Any
> > situation
> > > where you want to access the HttpServletRequest and
HttpServletResponse
> > to
> > > perform redirects and callbacks in the authentication "work flow"
would
> > > benefit from this.
> > >
> > >
> > >
> > > --
> > > View this message in context:
> >
http://openejb.979440.n4.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-TomEE-tp4660480p4664957.html
> > > Sent from the OpenEJB Dev mailing list archive at Nabble.com.
> >
> >
> > ------------------------------
> > If you reply to this email, your message will be added to the discussion
> > below:
> >
> >
http://tomee-openejb.979440.n4.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-TomEE-tp4660480p4677971.html
> > To unsubscribe from Consider support for the Servlet profile of JSR 196
> > (JASPIC) in TomEE, click here
> > <

> > .
> > NAML
> > <
http://tomee-openejb.979440.n4.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml
>
> >
>
>
>
>
> --
> View this message in context:
http://tomee-openejb.979440.n4.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-TomEE-tp4660480p4677972.html
> Sent from the TomEE Dev mailing list archive at Nabble.com.



To unsubscribe from Consider support for the Servlet profile of JSR 196 (JASPIC) in TomEE, click here.
NAML

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Consider support for the Servlet profile of JSR 196 (JASPIC) in TomEE

Romain Manni-Bucau
Le 28 mars 2016 04:44, "Arjan Tijms" <[hidden email]> a écrit :
>
> On Sun, Mar 27, 2016 at 11:33 AM, Romain Manni-Bucau [via TomEE &
OpenEJB] <

> [hidden email]> wrote:
>
> > Normally master is deployed each night but sometimes it doesnt work so
> > should be.
> >
>
> Ok, thanks!
>
>
> >
> > Ran some ee samples but some of them are not portable or rely too much
on

> > proprietary features. Will try to push my tomee branch next week.
> >
>
> The JASPIC tests from the Java EE 7 samples project should be as portable
> as one can get. Some servers insist on activating JASPIC (Liberty, JBoss),
> or having proprietary group to role mapping in place (almost all servers
> except JBoss).
>
> Or did you mean general EE samples from that project and not just the
> JASPIC ones? If so, a PR to make them more portable and remove reliance on
> proprietary features would be appreciated ;)
>

Both by side effects mainly. Wait 1-2 days and i ll push once my review
done;)
>
> >
> > >
> > >
> > > On Fri, Mar 25, 2016 at 2:45 PM, Romain Manni-Bucau [via TomEE &
> > OpenEJB]
> > <
> >
> > > [hidden email] <http://
/user/SendEmail.jtp?type=node&node=4677974&i=1>>

> > wrote:
> > >
> > > > Hi
> > > >
> > > > answering there even if a bit old but google find this thread so
> > > > trying to keep threads consistent...
> > > >
> > > > TomEE master is on Tomcat 8.5.x so inherits from Jaspic now.
> > > >
> > > > Romain Manni-Bucau
> > > > @rmannibucau |  Blog | Github | LinkedIn | Tomitriber
> > > >
> > > >
> > > > 2013-09-03 5:11 GMT+02:00 Anthony Fryer <[hidden email]
> > > > <http:///user/SendEmail.jtp?type=node&node=4677971&i=0>>:
> > > >
> > > > > I was looking for exactly this functionality 2 weeks ago to use
with
> > > > TomEE.
> > > > > I ended up having to write a tomcat AuthenticatorValve and a
custom

> > > > Realm
> > > > > class to implement the same thing you've done with your standard
> > JASPIC
> > > > > implementation (using SocialAuth as you have done).  It would be
> > great
> > > > to
> > > > > have this, especially for the Social Authentication scenario.  Any
> > > > situation
> > > > > where you want to access the HttpServletRequest and
> > HttpServletResponse
> > > > to
> > > > > perform redirects and callbacks in the authentication "work flow"
> > would
> > > > > benefit from this.
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > View this message in context:
> > > >
> >
> >
http://openejb.979440.n4.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-TomEE-tp4660480p4664957.html

> > > > > Sent from the OpenEJB Dev mailing list archive at Nabble.com.
> > > >
> > > >
> > > > ------------------------------
> > > > If you reply to this email, your message will be added to the
> > discussion
> > > > below:
> > > >
> > > >
> >
> >
http://tomee-openejb.979440.n4.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-TomEE-tp4660480p4677971.html

> > > > To unsubscribe from Consider support for the Servlet profile of JSR
> > 196
> > > > (JASPIC) in TomEE, click here
> > > > <
> >
> > > > .
> > > > NAML
> > > > <
> >
> >
http://tomee-openejb.979440.n4.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml

> > >
> > > >
> > >
> > >
> > >
> > >
> > > --
> > > View this message in context:
> >
> >
http://tomee-openejb.979440.n4.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-TomEE-tp4660480p4677972.html
> > > Sent from the TomEE Dev mailing list archive at Nabble.com.
> >
> >
> > ------------------------------
> > If you reply to this email, your message will be added to the discussion
> > below:
> >
> >
http://tomee-openejb.979440.n4.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-TomEE-tp4660480p4677974.html
> > To unsubscribe from Consider support for the Servlet profile of JSR 196
> > (JASPIC) in TomEE, click here
> > <

> > .
> > NAML
> > <
http://tomee-openejb.979440.n4.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml
>
> >
>
>
>
>
> --
> View this message in context:
http://tomee-openejb.979440.n4.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-TomEE-tp4660480p4677975.html
> Sent from the TomEE Dev mailing list archive at Nabble.com.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Consider support for the Servlet profile of JSR 196 (JASPIC) in TomEE

Romain Manni-Bucau
pushed my work on https://github.com/rmannibucau/javaee7-samples.
Several samples should pass and doesnt yet. Didn't check why but can
just be a pom setup issue, implementation hypothesis (like hardcoding
a h2/hibernate usage ;)) or something like that (typically a lot of
websocket tests are failing but we should pass them without hacking
tomee).

Romain Manni-Bucau
@rmannibucau |  Blog | Github | LinkedIn | Tomitriber


2016-03-28 10:56 GMT+02:00 Romain Manni-Bucau <[hidden email]>:

>
> Le 28 mars 2016 04:44, "Arjan Tijms" <[hidden email]> a écrit :
>>
>> On Sun, Mar 27, 2016 at 11:33 AM, Romain Manni-Bucau [via TomEE & OpenEJB]
>> <
>> [hidden email]> wrote:
>>
>> > Normally master is deployed each night but sometimes it doesnt work so
>> > should be.
>> >
>>
>> Ok, thanks!
>>
>>
>> >
>> > Ran some ee samples but some of them are not portable or rely too much
>> > on
>> > proprietary features. Will try to push my tomee branch next week.
>> >
>>
>> The JASPIC tests from the Java EE 7 samples project should be as portable
>> as one can get. Some servers insist on activating JASPIC (Liberty, JBoss),
>> or having proprietary group to role mapping in place (almost all servers
>> except JBoss).
>>
>> Or did you mean general EE samples from that project and not just the
>> JASPIC ones? If so, a PR to make them more portable and remove reliance on
>> proprietary features would be appreciated ;)
>>
>
> Both by side effects mainly. Wait 1-2 days and i ll push once my review
> done;)
>
>
>>
>> >
>> > >
>> > >
>> > > On Fri, Mar 25, 2016 at 2:45 PM, Romain Manni-Bucau [via TomEE &
>> > OpenEJB]
>> > <
>> >
>> > > [hidden email]
>> > > <http:///user/SendEmail.jtp?type=node&node=4677974&i=1>>
>> > wrote:
>> > >
>> > > > Hi
>> > > >
>> > > > answering there even if a bit old but google find this thread so
>> > > > trying to keep threads consistent...
>> > > >
>> > > > TomEE master is on Tomcat 8.5.x so inherits from Jaspic now.
>> > > >
>> > > > Romain Manni-Bucau
>> > > > @rmannibucau |  Blog | Github | LinkedIn | Tomitriber
>> > > >
>> > > >
>> > > > 2013-09-03 5:11 GMT+02:00 Anthony Fryer <[hidden email]
>> > > > <http:///user/SendEmail.jtp?type=node&node=4677971&i=0>>:
>> > > >
>> > > > > I was looking for exactly this functionality 2 weeks ago to use
>> > > > > with
>> > > > TomEE.
>> > > > > I ended up having to write a tomcat AuthenticatorValve and a
>> > > > > custom
>> > > > Realm
>> > > > > class to implement the same thing you've done with your standard
>> > JASPIC
>> > > > > implementation (using SocialAuth as you have done).  It would be
>> > great
>> > > > to
>> > > > > have this, especially for the Social Authentication scenario.  Any
>> > > > situation
>> > > > > where you want to access the HttpServletRequest and
>> > HttpServletResponse
>> > > > to
>> > > > > perform redirects and callbacks in the authentication "work flow"
>> > would
>> > > > > benefit from this.
>> > > > >
>> > > > >
>> > > > >
>> > > > > --
>> > > > > View this message in context:
>> > > >
>> >
>> >
>> > http://openejb.979440.n4.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-TomEE-tp4660480p4664957.html
>> > > > > Sent from the OpenEJB Dev mailing list archive at Nabble.com.
>> > > >
>> > > >
>> > > > ------------------------------
>> > > > If you reply to this email, your message will be added to the
>> > discussion
>> > > > below:
>> > > >
>> > > >
>> >
>> >
>> > http://tomee-openejb.979440.n4.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-TomEE-tp4660480p4677971.html
>> > > > To unsubscribe from Consider support for the Servlet profile of JSR
>> > 196
>> > > > (JASPIC) in TomEE, click here
>> > > > <
>> >
>> > > > .
>> > > > NAML
>> > > > <
>> >
>> >
>> > http://tomee-openejb.979440.n4.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml
>> > >
>> > > >
>> > >
>> > >
>> > >
>> > >
>> > > --
>> > > View this message in context:
>> >
>> >
>> > http://tomee-openejb.979440.n4.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-TomEE-tp4660480p4677972.html
>> > > Sent from the TomEE Dev mailing list archive at Nabble.com.
>> >
>> >
>> > ------------------------------
>> > If you reply to this email, your message will be added to the discussion
>> > below:
>> >
>> >
>> > http://tomee-openejb.979440.n4.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-TomEE-tp4660480p4677974.html
>> > To unsubscribe from Consider support for the Servlet profile of JSR 196
>> > (JASPIC) in TomEE, click here
>> >
>> > <
>> > .
>> > NAML
>> >
>> > <
http://tomee-openejb.979440.n4.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
>> >
>>
>>
>>
>>
>> --
>> View this message in context:
>> http://tomee-openejb.979440.n4.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-TomEE-tp4660480p4677975.html
>> Sent from the TomEE Dev mailing list archive at Nabble.com.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Consider support for the Servlet profile of JSR 196 (JASPIC) in TomEE

Arjan Tijms
Thanks for starting this.

jaxrs/angularjs/src/main/resources/META-INF/persistence.xml is for sure wrong in the original.  "java:jboss/datasources/ExampleDS" is obviously not portable. 

All JPA based tests use the Java EE 7 default data source, which is generally good enough. In some cases where @DataSourceDefinition is used an embedded h2 or other DB is used (but in a portable way, not relying on anything privately  provided by the server)

JASPIC tests should be mostly portable (taking the mandated setup mentioned above into account), but let me know if you find anything there.



On Mon, Mar 28, 2016 at 4:26 PM, Romain Manni-Bucau [via TomEE & OpenEJB] <[hidden email]> wrote:
pushed my work on https://github.com/rmannibucau/javaee7-samples.
Several samples should pass and doesnt yet. Didn't check why but can
just be a pom setup issue, implementation hypothesis (like hardcoding
a h2/hibernate usage ;)) or something like that (typically a lot of
websocket tests are failing but we should pass them without hacking
tomee).

Romain Manni-Bucau
@rmannibucau |  Blog | Github | LinkedIn | Tomitriber


2016-03-28 10:56 GMT+02:00 Romain Manni-Bucau <[hidden email]>:

>
> Le 28 mars 2016 04:44, "Arjan Tijms" <[hidden email]> a écrit :
>>
>> On Sun, Mar 27, 2016 at 11:33 AM, Romain Manni-Bucau [via TomEE & OpenEJB]
>> <
>> [hidden email]> wrote:
>>
>> > Normally master is deployed each night but sometimes it doesnt work so
>> > should be.
>> >
>>
>> Ok, thanks!
>>
>>
>> >
>> > Ran some ee samples but some of them are not portable or rely too much
>> > on
>> > proprietary features. Will try to push my tomee branch next week.
>> >
>>
>> The JASPIC tests from the Java EE 7 samples project should be as portable
>> as one can get. Some servers insist on activating JASPIC (Liberty, JBoss),
>> or having proprietary group to role mapping in place (almost all servers
>> except JBoss).
>>
>> Or did you mean general EE samples from that project and not just the
>> JASPIC ones? If so, a PR to make them more portable and remove reliance on
>> proprietary features would be appreciated ;)
>>
>
> Both by side effects mainly. Wait 1-2 days and i ll push once my review
> done;)
>
>
>>
>> >
>> > >
>> > >
>> > > On Fri, Mar 25, 2016 at 2:45 PM, Romain Manni-Bucau [via TomEE &
>> > OpenEJB]
>> > <
>> >
>> > > [hidden email]
>> > > <http:///user/SendEmail.jtp?type=node&node=4677974&i=1>>
>> > wrote:
>> > >
>> > > > Hi
>> > > >
>> > > > answering there even if a bit old but google find this thread so
>> > > > trying to keep threads consistent...
>> > > >
>> > > > TomEE master is on Tomcat 8.5.x so inherits from Jaspic now.
>> > > >
>> > > > Romain Manni-Bucau
>> > > > @rmannibucau |  Blog | Github | LinkedIn | Tomitriber
>> > > >
>> > > >
>> > > > 2013-09-03 5:11 GMT+02:00 Anthony Fryer <[hidden email]
>> > > > <http:///user/SendEmail.jtp?type=node&node=4677971&i=0>>:
>> > > >
>> > > > > I was looking for exactly this functionality 2 weeks ago to use
>> > > > > with
>> > > > TomEE.
>> > > > > I ended up having to write a tomcat AuthenticatorValve and a
>> > > > > custom
>> > > > Realm
>> > > > > class to implement the same thing you've done with your standard
>> > JASPIC
>> > > > > implementation (using SocialAuth as you have done).  It would be
>> > great
>> > > > to
>> > > > > have this, especially for the Social Authentication scenario.  Any
>> > > > situation
>> > > > > where you want to access the HttpServletRequest and
>> > HttpServletResponse
>> > > > to
>> > > > > perform redirects and callbacks in the authentication "work flow"
>> > would
>> > > > > benefit from this.
>> > > > >
>> > > > >
>> > > > >
>> > > > > --
>> > > > > View this message in context:
>> > > >
>> >
>> >
>> > http://openejb.979440.n4.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-TomEE-tp4660480p4664957.html
>> > > > > Sent from the OpenEJB Dev mailing list archive at Nabble.com.
>> > > >
>> > > >
>> > > > ------------------------------
>> > > > If you reply to this email, your message will be added to the
>> > discussion
>> > > > below:
>> > > >
>> > > >
>> >
>> >
>> > http://tomee-openejb.979440.n4.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-TomEE-tp4660480p4677971.html
>> > > > To unsubscribe from Consider support for the Servlet profile of JSR
>> > 196
>> > > > (JASPIC) in TomEE, click here
>> > > > <
>> >
>> > > > .
>> > > > NAML
>> > > > <
>> >
>> >
>> > http://tomee-openejb.979440.n4.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml
>> > >
>> > > >
>> > >
>> > >
>> > >
>> > >
>> > > --
>> > > View this message in context:
>> >
>> >
>> > http://tomee-openejb.979440.n4.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-TomEE-tp4660480p4677972.html
>> > > Sent from the TomEE Dev mailing list archive at Nabble.com.
>> >
>> >
>> > ------------------------------
>> > If you reply to this email, your message will be added to the discussion
>> > below:
>> >
>> >
>> > http://tomee-openejb.979440.n4.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-TomEE-tp4660480p4677974.html
>> > To unsubscribe from Consider support for the Servlet profile of JSR 196
>> > (JASPIC) in TomEE, click here
>> >
>> > <
>> > .
>> > NAML
>> >
>> > <
http://tomee-openejb.979440.n4.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
>> >
>>
>>
>>
>>
>> --
>> View this message in context:
>> http://tomee-openejb.979440.n4.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-TomEE-tp4660480p4677975.html
>> Sent from the TomEE Dev mailing list archive at Nabble.com.



To unsubscribe from Consider support for the Servlet profile of JSR 196 (JASPIC) in TomEE, click here.
NAML

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Consider support for the Servlet profile of JSR 196 (JASPIC) in TomEE

Romain Manni-Bucau
Le 29 mars 2016 00:09, "Arjan Tijms" <[hidden email]> a écrit :
>
> Thanks for starting this.
>
> jaxrs/angularjs/src/main/resources/META-INF/persistence.xml is for sure
> wrong in the original.  "java:jboss/datasources/ExampleDS" is obviously
not
> portable.
>
> All JPA based tests use the Java EE 7 default data source, which is
> generally good enough. In some cases where @DataSourceDefinition is used
an
> embedded h2 or other DB is used (but in a portable way, not relying on
> anything privately  provided by the server)
>
> JASPIC tests should be mostly portable (taking the mandated setup
mentioned
> above into account), but let me know if you find anything there.
>

Issue is mixing some specs. Typically jsf for dispatch-cdi which relies on
jsf double stack which is unspecified - fixed on master - so sometimes a
failure is not linked to the central feature of the sample :(.

>
>
> On Mon, Mar 28, 2016 at 4:26 PM, Romain Manni-Bucau [via TomEE & OpenEJB]
<

> [hidden email]> wrote:
>
> > pushed my work on https://github.com/rmannibucau/javaee7-samples.
> > Several samples should pass and doesnt yet. Didn't check why but can
> > just be a pom setup issue, implementation hypothesis (like hardcoding
> > a h2/hibernate usage ;)) or something like that (typically a lot of
> > websocket tests are failing but we should pass them without hacking
> > tomee).
> >
> > Romain Manni-Bucau
> > @rmannibucau |  Blog | Github | LinkedIn | Tomitriber
> >
> >
> > 2016-03-28 10:56 GMT+02:00 Romain Manni-Bucau <[hidden email]
> > <http:///user/SendEmail.jtp?type=node&node=4677977&i=0>>:
> >
> > >
> > > Le 28 mars 2016 04:44, "Arjan Tijms" <[hidden email]
> > <http:///user/SendEmail.jtp?type=node&node=4677977&i=1>> a écrit :
> > >>
> > >> On Sun, Mar 27, 2016 at 11:33 AM, Romain Manni-Bucau [via TomEE &
> > OpenEJB]
> > >> <
> > >> [hidden email] <http://
/user/SendEmail.jtp?type=node&node=4677977&i=2>>

> > wrote:
> > >>
> > >> > Normally master is deployed each night but sometimes it doesnt work
> > so
> > >> > should be.
> > >> >
> > >>
> > >> Ok, thanks!
> > >>
> > >>
> > >> >
> > >> > Ran some ee samples but some of them are not portable or rely too
> > much
> > >> > on
> > >> > proprietary features. Will try to push my tomee branch next week.
> > >> >
> > >>
> > >> The JASPIC tests from the Java EE 7 samples project should be as
> > portable
> > >> as one can get. Some servers insist on activating JASPIC (Liberty,
> > JBoss),
> > >> or having proprietary group to role mapping in place (almost all
> > servers
> > >> except JBoss).
> > >>
> > >> Or did you mean general EE samples from that project and not just the
> > >> JASPIC ones? If so, a PR to make them more portable and remove
reliance
> > on
> > >> proprietary features would be appreciated ;)
> > >>
> > >
> > > Both by side effects mainly. Wait 1-2 days and i ll push once my
review

> > > done;)
> > >
> > >
> > >>
> > >> >
> > >> > >
> > >> > >
> > >> > > On Fri, Mar 25, 2016 at 2:45 PM, Romain Manni-Bucau [via TomEE &
> > >> > OpenEJB]
> > >> > <
> > >> >
> > >> > > [hidden email]
> > >> > > <http:///user/SendEmail.jtp?type=node&node=4677974&i=1>>
> > >> > wrote:
> > >> > >
> > >> > > > Hi
> > >> > > >
> > >> > > > answering there even if a bit old but google find this thread
so

> > >> > > > trying to keep threads consistent...
> > >> > > >
> > >> > > > TomEE master is on Tomcat 8.5.x so inherits from Jaspic now.
> > >> > > >
> > >> > > > Romain Manni-Bucau
> > >> > > > @rmannibucau |  Blog | Github | LinkedIn | Tomitriber
> > >> > > >
> > >> > > >
> > >> > > > 2013-09-03 5:11 GMT+02:00 Anthony Fryer <[hidden email]
> > >> > > > <http:///user/SendEmail.jtp?type=node&node=4677971&i=0>>:
> > >> > > >
> > >> > > > > I was looking for exactly this functionality 2 weeks ago to
use

> > >> > > > > with
> > >> > > > TomEE.
> > >> > > > > I ended up having to write a tomcat AuthenticatorValve and a
> > >> > > > > custom
> > >> > > > Realm
> > >> > > > > class to implement the same thing you've done with your
> > standard
> > >> > JASPIC
> > >> > > > > implementation (using SocialAuth as you have done).  It would
> > be
> > >> > great
> > >> > > > to
> > >> > > > > have this, especially for the Social Authentication scenario.
> > Any
> > >> > > > situation
> > >> > > > > where you want to access the HttpServletRequest and
> > >> > HttpServletResponse
> > >> > > > to
> > >> > > > > perform redirects and callbacks in the authentication "work
> > flow"
> > >> > would
> > >> > > > > benefit from this.
> > >> > > > >
> > >> > > > >
> > >> > > > >
> > >> > > > > --
> > >> > > > > View this message in context:
> > >> > > >
> > >> >
> > >> >
> > >> >
> >
http://openejb.979440.n4.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-TomEE-tp4660480p4664957.html

> > >> > > > > Sent from the OpenEJB Dev mailing list archive at Nabble.com.
> > >> > > >
> > >> > > >
> > >> > > > ------------------------------
> > >> > > > If you reply to this email, your message will be added to the
> > >> > discussion
> > >> > > > below:
> > >> > > >
> > >> > > >
> > >> >
> > >> >
> > >> >
> >
http://tomee-openejb.979440.n4.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-TomEE-tp4660480p4677971.html

> > >> > > > To unsubscribe from Consider support for the Servlet profile of
> > JSR
> > >> > 196
> > >> > > > (JASPIC) in TomEE, click here
> > >> > > > <
> > >> >
> > >> > > > .
> > >> > > > NAML
> > >> > > > <
> > >> >
> > >> >
> > >> >
> >
http://tomee-openejb.979440.n4.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml

> > >> > >
> > >> > > >
> > >> > >
> > >> > >
> > >> > >
> > >> > >
> > >> > > --
> > >> > > View this message in context:
> > >> >
> > >> >
> > >> >
> >
http://tomee-openejb.979440.n4.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-TomEE-tp4660480p4677972.html

> > >> > > Sent from the TomEE Dev mailing list archive at Nabble.com.
> > >> >
> > >> >
> > >> > ------------------------------
> > >> > If you reply to this email, your message will be added to the
> > discussion
> > >> > below:
> > >> >
> > >> >
> > >> >
> >
http://tomee-openejb.979440.n4.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-TomEE-tp4660480p4677974.html

> > >> > To unsubscribe from Consider support for the Servlet profile of JSR
> > 196
> > >> > (JASPIC) in TomEE, click here
> > >> >
> > >> > <
> > >> > .
> > >> > NAML
> > >> >
> > >> > <
> >
http://tomee-openejb.979440.n4.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml

>
> >
> > >> >
> > >>
> > >>
> > >>
> > >>
> > >> --
> > >> View this message in context:
> > >>
> >
http://tomee-openejb.979440.n4.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-TomEE-tp4660480p4677975.html
> > >> Sent from the TomEE Dev mailing list archive at Nabble.com.
> >
> >
> > ------------------------------
> > If you reply to this email, your message will be added to the discussion
> > below:
> >
> >
http://tomee-openejb.979440.n4.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-TomEE-tp4660480p4677977.html
> > To unsubscribe from Consider support for the Servlet profile of JSR 196
> > (JASPIC) in TomEE, click here
> > <

> > .
> > NAML
> > <
http://tomee-openejb.979440.n4.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml
>
> >
>
>
>
>
> --
> View this message in context:
http://tomee-openejb.979440.n4.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-TomEE-tp4660480p4677978.html
> Sent from the TomEE Dev mailing list archive at Nabble.com.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Consider support for the Servlet profile of JSR 196 (JASPIC) in TomEE

Arjan Tijms
Hi,

On Mon, Mar 28, 2016 at 11:53 PM, Romain Manni-Bucau [via TomEE & OpenEJB] <[hidden email]> wrote
Issue is mixing some specs. Typically jsf for dispatch-cdi which relies on
jsf double stack which is unspecified -

Sorry, what is a "jsf double stack" exactly?

Do you mean the include of a JSF resource by a SAM? E.g. this test:

 
fixed on master -


 
so sometimes a
failure is not linked to the central feature of the sample :(.

>
>
> On Mon, Mar 28, 2016 at 4:26 PM, Romain Manni-Bucau [via TomEE & OpenEJB]
<

> [hidden email]> wrote:
>
> > pushed my work on https://github.com/rmannibucau/javaee7-samples.
> > Several samples should pass and doesnt yet. Didn't check why but can
> > just be a pom setup issue, implementation hypothesis (like hardcoding
> > a h2/hibernate usage ;)) or something like that (typically a lot of
> > websocket tests are failing but we should pass them without hacking
> > tomee).
> >
> > Romain Manni-Bucau
> > @rmannibucau |  Blog | Github | LinkedIn | Tomitriber
> >
> >
> > 2016-03-28 10:56 GMT+02:00 Romain Manni-Bucau <[hidden email]
> > <http:///user/SendEmail.jtp?type=node&node=4677977&i=0>>:
> >
> > >
> > > Le 28 mars 2016 04:44, "Arjan Tijms" <[hidden email]
> > <http:///user/SendEmail.jtp?type=node&node=4677977&i=1>> a écrit :
> > >>
> > >> On Sun, Mar 27, 2016 at 11:33 AM, Romain Manni-Bucau [via TomEE &
> > OpenEJB]
> > >> <
> > >> [hidden email] <http://
/user/SendEmail.jtp?type=node&node=4677977&i=2>>

> > wrote:
> > >>
> > >> > Normally master is deployed each night but sometimes it doesnt work
> > so
> > >> > should be.
> > >> >
> > >>
> > >> Ok, thanks!
> > >>
> > >>
> > >> >
> > >> > Ran some ee samples but some of them are not portable or rely too
> > much
> > >> > on
> > >> > proprietary features. Will try to push my tomee branch next week.
> > >> >
> > >>
> > >> The JASPIC tests from the Java EE 7 samples project should be as
> > portable
> > >> as one can get. Some servers insist on activating JASPIC (Liberty,
> > JBoss),
> > >> or having proprietary group to role mapping in place (almost all
> > servers
> > >> except JBoss).
> > >>
> > >> Or did you mean general EE samples from that project and not just the
> > >> JASPIC ones? If so, a PR to make them more portable and remove
reliance
> > on
> > >> proprietary features would be appreciated ;)
> > >>
> > >
> > > Both by side effects mainly. Wait 1-2 days and i ll push once my
review

> > > done;)
> > >
> > >
> > >>
> > >> >
> > >> > >
> > >> > >
> > >> > > On Fri, Mar 25, 2016 at 2:45 PM, Romain Manni-Bucau [via TomEE &
> > >> > OpenEJB]
> > >> > <
> > >> >
> > >> > > [hidden email]
> > >> > > <http:///user/SendEmail.jtp?type=node&node=4677974&i=1>>
> > >> > wrote:
> > >> > >
> > >> > > > Hi
> > >> > > >
> > >> > > > answering there even if a bit old but google find this thread
so

> > >> > > > trying to keep threads consistent...
> > >> > > >
> > >> > > > TomEE master is on Tomcat 8.5.x so inherits from Jaspic now.
> > >> > > >
> > >> > > > Romain Manni-Bucau
> > >> > > > @rmannibucau |  Blog | Github | LinkedIn | Tomitriber
> > >> > > >
> > >> > > >
> > >> > > > 2013-09-03 5:11 GMT+02:00 Anthony Fryer <[hidden email]
> > >> > > > <http:///user/SendEmail.jtp?type=node&node=4677971&i=0>>:
> > >> > > >
> > >> > > > > I was looking for exactly this functionality 2 weeks ago to
use

> > >> > > > > with
> > >> > > > TomEE.
> > >> > > > > I ended up having to write a tomcat AuthenticatorValve and a
> > >> > > > > custom
> > >> > > > Realm
> > >> > > > > class to implement the same thing you've done with your
> > standard
> > >> > JASPIC
> > >> > > > > implementation (using SocialAuth as you have done).  It would
> > be
> > >> > great
> > >> > > > to
> > >> > > > > have this, especially for the Social Authentication scenario.
> > Any
> > >> > > > situation
> > >> > > > > where you want to access the HttpServletRequest and
> > >> > HttpServletResponse
> > >> > > > to
> > >> > > > > perform redirects and callbacks in the authentication "work
> > flow"
> > >> > would
> > >> > > > > benefit from this.
> > >> > > > >
> > >> > > > >
> > >> > > > >
> > >> > > > > --
> > >> > > > > View this message in context:
> > >> > > >
> > >> >
> > >> >
> > >> >
> >
http://openejb.979440.n4.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-TomEE-tp4660480p4664957.html

> > >> > > > > Sent from the OpenEJB Dev mailing list archive at Nabble.com.
> > >> > > >
> > >> > > >
> > >> > > > ------------------------------
> > >> > > > If you reply to this email, your message will be added to the
> > >> > discussion
> > >> > > > below:
> > >> > > >
> > >> > > >
> > >> >
> > >> >
> > >> >
> >
http://tomee-openejb.979440.n4.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-TomEE-tp4660480p4677971.html

> > >> > > > To unsubscribe from Consider support for the Servlet profile of
> > JSR
> > >> > 196
> > >> > > > (JASPIC) in TomEE, click here
> > >> > > > <
> > >> >
> > >> > > > .
> > >> > > > NAML
> > >> > > > <
> > >> >
> > >> >
> > >> >
> >
http://tomee-openejb.979440.n4.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml

> > >> > >
> > >> > > >
> > >> > >
> > >> > >
> > >> > >
> > >> > >
> > >> > > --
> > >> > > View this message in context:
> > >> >
> > >> >
> > >> >
> >
http://tomee-openejb.979440.n4.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-TomEE-tp4660480p4677972.html

> > >> > > Sent from the TomEE Dev mailing list archive at Nabble.com.
> > >> >
> > >> >
> > >> > ------------------------------
> > >> > If you reply to this email, your message will be added to the
> > discussion
> > >> > below:
> > >> >
> > >> >
> > >> >
> >
http://tomee-openejb.979440.n4.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-TomEE-tp4660480p4677974.html

> > >> > To unsubscribe from Consider support for the Servlet profile of JSR
> > 196
> > >> > (JASPIC) in TomEE, click here
> > >> >
> > >> > <
> > >> > .
> > >> > NAML
> > >> >
> > >> > <
> >
http://tomee-openejb.979440.n4.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml

>
> >
> > >> >
> > >>
> > >>
> > >>
> > >>
> > >> --
> > >> View this message in context:
> > >>
> >
http://tomee-openejb.979440.n4.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-TomEE-tp4660480p4677975.html
> > >> Sent from the TomEE Dev mailing list archive at Nabble.com.
> >
> >
> > ------------------------------
> > If you reply to this email, your message will be added to the discussion
> > below:
> >
> >
http://tomee-openejb.979440.n4.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-TomEE-tp4660480p4677977.html
> > To unsubscribe from Consider support for the Servlet profile of JSR 196
> > (JASPIC) in TomEE, click here
> > <

> > .
> > NAML
> > <
http://tomee-openejb.979440.n4.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml
>
> >
>
>
>
>
> --
> View this message in context:
http://tomee-openejb.979440.n4.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-TomEE-tp4660480p4677978.html
> Sent from the TomEE Dev mailing list archive at Nabble.com.



To unsubscribe from Consider support for the Servlet profile of JSR 196 (JASPIC) in TomEE, click here.
NAML

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Consider support for the Servlet profile of JSR 196 (JASPIC) in TomEE

Romain Manni-Bucau
2016-03-29 8:48 GMT+02:00 Arjan Tijms <[hidden email]>:

> Hi,
>
> On Mon, Mar 28, 2016 at 11:53 PM, Romain Manni-Bucau [via TomEE & OpenEJB] <
> [hidden email]> wrote
>>
>> Issue is mixing some specs. Typically jsf for dispatch-cdi which relies on
>> jsf double stack which is unspecified -
>
>
> Sorry, what is a "jsf double stack" exactly?
>

Going twice in the JSF stack in a single request - not sure there is a name ;)

> Do you mean the include of a JSF resource by a SAM? E.g. this test:
>
> https://github.com/javaee-samples/javaee7-samples/blob/master/jaspic/dispatching-jsf-cdi/src/test/java/org/javaee7/jaspictest/dispatching/JSFCDIIncludeTest.java
>

Yes

>
>> fixed on master -
>
>
> Do you mean fixed in this commit?
> https://github.com/rmannibucau/javaee7-samples/commit/301118feaad47996345a5778a5022c3e427e1e7c
>

No was tomee master for this one;). MyFaces will get the fix too but
it is not really specified AFAIK

Also pushed to my branch fixes for angularjs sample which now runs
too, this one was hibernate specific for JPA layer, not portable on
JAXRS layer and frontend tests were not working for me cause htmlunit
doesn't support enough js + the modal was not correctly interpreted
for it.

>
>
>> so sometimes a
>> failure is not linked to the central feature of the sample :(.
>>
>> >
>> >
>> > On Mon, Mar 28, 2016 at 4:26 PM, Romain Manni-Bucau [via TomEE &
>> OpenEJB]
>> <
>>
>> > [hidden email] <http:///user/SendEmail.jtp?type=node&node=4677979&i=1>>
>> wrote:
>> >
>> > > pushed my work on https://github.com/rmannibucau/javaee7-samples.
>> > > Several samples should pass and doesnt yet. Didn't check why but can
>> > > just be a pom setup issue, implementation hypothesis (like hardcoding
>> > > a h2/hibernate usage ;)) or something like that (typically a lot of
>> > > websocket tests are failing but we should pass them without hacking
>> > > tomee).
>> > >
>> > > Romain Manni-Bucau
>> > > @rmannibucau |  Blog | Github | LinkedIn | Tomitriber
>> > >
>> > >
>> > > 2016-03-28 10:56 GMT+02:00 Romain Manni-Bucau <[hidden email]
>> > > <http:///user/SendEmail.jtp?type=node&node=4677977&i=0>>:
>> > >
>> > > >
>> > > > Le 28 mars 2016 04:44, "Arjan Tijms" <[hidden email]
>> > > <http:///user/SendEmail.jtp?type=node&node=4677977&i=1>> a écrit :
>> > > >>
>> > > >> On Sun, Mar 27, 2016 at 11:33 AM, Romain Manni-Bucau [via TomEE &
>> > > OpenEJB]
>> > > >> <
>> > > >> [hidden email] <http://
>> /user/SendEmail.jtp?type=node&node=4677977&i=2>>
>>
>> > > wrote:
>> > > >>
>> > > >> > Normally master is deployed each night but sometimes it doesnt
>> work
>> > > so
>> > > >> > should be.
>> > > >> >
>> > > >>
>> > > >> Ok, thanks!
>> > > >>
>> > > >>
>> > > >> >
>> > > >> > Ran some ee samples but some of them are not portable or rely too
>> > > much
>> > > >> > on
>> > > >> > proprietary features. Will try to push my tomee branch next week.
>> > > >> >
>> > > >>
>> > > >> The JASPIC tests from the Java EE 7 samples project should be as
>> > > portable
>> > > >> as one can get. Some servers insist on activating JASPIC (Liberty,
>> > > JBoss),
>> > > >> or having proprietary group to role mapping in place (almost all
>> > > servers
>> > > >> except JBoss).
>> > > >>
>> > > >> Or did you mean general EE samples from that project and not just
>> the
>> > > >> JASPIC ones? If so, a PR to make them more portable and remove
>> reliance
>> > > on
>> > > >> proprietary features would be appreciated ;)
>> > > >>
>> > > >
>> > > > Both by side effects mainly. Wait 1-2 days and i ll push once my
>> review
>>
>> > > > done;)
>> > > >
>> > > >
>> > > >>
>> > > >> >
>> > > >> > >
>> > > >> > >
>> > > >> > > On Fri, Mar 25, 2016 at 2:45 PM, Romain Manni-Bucau [via TomEE
>> &
>> > > >> > OpenEJB]
>> > > >> > <
>> > > >> >
>> > > >> > > [hidden email]
>> > > >> > > <http:///user/SendEmail.jtp?type=node&node=4677974&i=1>>
>> > > >> > wrote:
>> > > >> > >
>> > > >> > > > Hi
>> > > >> > > >
>> > > >> > > > answering there even if a bit old but google find this thread
>> so
>>
>> > > >> > > > trying to keep threads consistent...
>> > > >> > > >
>> > > >> > > > TomEE master is on Tomcat 8.5.x so inherits from Jaspic now.
>> > > >> > > >
>> > > >> > > > Romain Manni-Bucau
>> > > >> > > > @rmannibucau |  Blog | Github | LinkedIn | Tomitriber
>> > > >> > > >
>> > > >> > > >
>> > > >> > > > 2013-09-03 5:11 GMT+02:00 Anthony Fryer <[hidden email]
>> > > >> > > > <http:///user/SendEmail.jtp?type=node&node=4677971&i=0>>:
>> > > >> > > >
>> > > >> > > > > I was looking for exactly this functionality 2 weeks ago to
>> use
>>
>> > > >> > > > > with
>> > > >> > > > TomEE.
>> > > >> > > > > I ended up having to write a tomcat AuthenticatorValve and
>> a
>> > > >> > > > > custom
>> > > >> > > > Realm
>> > > >> > > > > class to implement the same thing you've done with your
>> > > standard
>> > > >> > JASPIC
>> > > >> > > > > implementation (using SocialAuth as you have done).  It
>> would
>> > > be
>> > > >> > great
>> > > >> > > > to
>> > > >> > > > > have this, especially for the Social Authentication
>> scenario.
>> > > Any
>> > > >> > > > situation
>> > > >> > > > > where you want to access the HttpServletRequest and
>> > > >> > HttpServletResponse
>> > > >> > > > to
>> > > >> > > > > perform redirects and callbacks in the authentication "work
>> > > flow"
>> > > >> > would
>> > > >> > > > > benefit from this.
>> > > >> > > > >
>> > > >> > > > >
>> > > >> > > > >
>> > > >> > > > > --
>> > > >> > > > > View this message in context:
>> > > >> > > >
>> > > >> >
>> > > >> >
>> > > >> >
>> > >
>>
>> http://openejb.979440.n4.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-TomEE-tp4660480p4664957.html
>>
>> > > >> > > > > Sent from the OpenEJB Dev mailing list archive at
>> Nabble.com.
>> > > >> > > >
>> > > >> > > >
>> > > >> > > > ------------------------------
>> > > >> > > > If you reply to this email, your message will be added to the
>> > > >> > discussion
>> > > >> > > > below:
>> > > >> > > >
>> > > >> > > >
>> > > >> >
>> > > >> >
>> > > >> >
>> > >
>>
>> http://tomee-openejb.979440.n4.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-TomEE-tp4660480p4677971.html
>>
>> > > >> > > > To unsubscribe from Consider support for the Servlet profile
>> of
>> > > JSR
>> > > >> > 196
>> > > >> > > > (JASPIC) in TomEE, click here
>> > > >> > > > <
>> > > >> >
>> > > >> > > > .
>> > > >> > > > NAML
>> > > >> > > > <
>> > > >> >
>> > > >> >
>> > > >> >
>> > >
>>
>> http://tomee-openejb.979440.n4.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml
>>
>> > > >> > >
>> > > >> > > >
>> > > >> > >
>> > > >> > >
>> > > >> > >
>> > > >> > >
>> > > >> > > --
>> > > >> > > View this message in context:
>> > > >> >
>> > > >> >
>> > > >> >
>> > >
>>
>> http://tomee-openejb.979440.n4.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-TomEE-tp4660480p4677972.html
>>
>> > > >> > > Sent from the TomEE Dev mailing list archive at Nabble.com.
>> > > >> >
>> > > >> >
>> > > >> > ------------------------------
>> > > >> > If you reply to this email, your message will be added to the
>> > > discussion
>> > > >> > below:
>> > > >> >
>> > > >> >
>> > > >> >
>> > >
>>
>> http://tomee-openejb.979440.n4.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-TomEE-tp4660480p4677974.html
>>
>> > > >> > To unsubscribe from Consider support for the Servlet profile of
>> JSR
>> > > 196
>> > > >> > (JASPIC) in TomEE, click here
>> > > >> >
>> > > >> > <
>> > > >> > .
>> > > >> > NAML
>> > > >> >
>> > > >> > <
>> > >
>>
>> http://tomee-openejb.979440.n4.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml
>>
>> >
>> > >
>> > > >> >
>> > > >>
>> > > >>
>> > > >>
>> > > >>
>> > > >> --
>> > > >> View this message in context:
>> > > >>
>> > >
>>
>> http://tomee-openejb.979440.n4.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-TomEE-tp4660480p4677975.html
>> > > >> Sent from the TomEE Dev mailing list archive at Nabble.com.
>> > >
>> > >
>> > > ------------------------------
>> > > If you reply to this email, your message will be added to the
>> discussion
>> > > below:
>> > >
>> > >
>>
>> http://tomee-openejb.979440.n4.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-TomEE-tp4660480p4677977.html
>> > > To unsubscribe from Consider support for the Servlet profile of JSR
>> 196
>> > > (JASPIC) in TomEE, click here
>> > > <
>>
>> > > .
>> > > NAML
>> > > <
>>
>> http://tomee-openejb.979440.n4.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml
>> >
>> > >
>> >
>> >
>> >
>> >
>> > --
>> > View this message in context:
>>
>> http://tomee-openejb.979440.n4.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-TomEE-tp4660480p4677978.html
>> > Sent from the TomEE Dev mailing list archive at Nabble.com.
>>
>>
>> ------------------------------
>> If you reply to this email, your message will be added to the discussion
>> below:
>>
>> http://tomee-openejb.979440.n4.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-TomEE-tp4660480p4677979.html
>> To unsubscribe from Consider support for the Servlet profile of JSR 196
>> (JASPIC) in TomEE, click here
>> <
>> .
>> NAML
>> <
http://tomee-openejb.979440.n4.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
>>
>
>
>
>
> --
> View this message in context: http://tomee-openejb.979440.n4.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-TomEE-tp4660480p4677984.html
> Sent from the TomEE Dev mailing list archive at Nabble.com.
12
Loading...