Security docs missing several auth mechanisms
13 views
Skip to first unread message
Brad Wood
Jul 7, 2022, 1:42:13 PM7/7/22
to Undertow Dev
The docs here:
in the last sentence only list 4 auth mechanisms:
The built in mechanisms are FORM, DIGEST, CLIENT_CERT and BASIC.
However, this section of the docs
has a table with 5 auth mechanisms:
- BASIC
- FORM - Is there any description of this and how it would work? I've read the code, but I'm not clear exactly how or where I would use this.
- CLIENT-CERT
- DIGEST
- EXTERNAL - Is there any description of this and how it would work? I don't see any tests for it.
The following authentication mechanisms appear in the Undertow source code but are not mentioned in the docs. Is this an oversight?
- CachedAuthenticatedSessionMechanism
- GenericHeaderAuthenticationMechanism
- GSSAPIAuthenticationMechanism
- SingleSignOnAuthenticationMechanism
Thanks!
~Brad
Developer Advocate
Ortus Solutions, Corp
E-mail: br...@coldbox.org
ColdBox Platform: http://www.coldbox.org
Brad Wood
Jul 20, 2022, 1:59:18 PM7/20/22
to Undertow Dev
Any updates on these missing items from the docs?
Flavia Rainone
Jul 21, 2022, 2:48:38 AM7/21/22
to Undertow Dev
Hi Brad,
Best regards,
These authentication mechanisms were added a long time ago. Currently we use Elytron authentication mechanisms in WildFly and these classes haven't been updated for a long time.
It appears to me that the classes were added but the documentation was never updated.
I'll review this for Undertow 2.3 so we can get this corrected: https://issues.redhat.com/browse/UNDERTOW-2126
Best regards,
Flavia
Brad Wood
Jul 21, 2022, 10:57:20 AM7/21/22
to Flavia Rainone, Undertow Dev
Thanks for the info. To be clear, I'm not using Wildfly, I'm just using Undertow directly. Are you saying Undertow's auth mechanisms aren't supported any longer or shouldn't be used?
Thanks!
~Brad
Developer Advocate
Ortus Solutions, Corp
E-mail: br...@coldbox.org
ColdBox Platform: http://www.coldbox.org
--
You received this message because you are subscribed to the Google Groups "Undertow Dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to undertow-dev...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/undertow-dev/32a2e786-3aed-487a-9fc4-1c6354713ac3n%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Flavia Rainone
Sep 5, 2022, 1:19:09 PM9/5/22
to Undertow Dev
Hi Brad,
They are supported. It is just something that went off the radar for quite a long time.
I gave this some thought and I decided I will make sure that the classes are updated. The documentation will also be corrected.
Best regards,
Flavia
Brad Wood
Sep 5, 2022, 2:17:00 PM9/5/22
to Flavia Rainone, Undertow Dev
Thanks for confirming Flavia!
~Brad
Developer Advocate
Ortus Solutions, Corp
E-mail: br...@coldbox.org
ColdBox Platform: http://www.coldbox.org
To view this discussion on the web visit https://groups.google.com/d/msgid/undertow-dev/e0c4d232-ca2f-468f-a10d-8e23fd9cae00n%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages