Weld 3 & Wildfly 11 integration - help with security needed

Weld 3 & Wildfly 11 integration - help with security needed

Matej Novotny
Hello,

Recently I decided that Weld 3 (CDI 2.0, currently nearing Final at high speed) should be running on WildFly 11.
Up until now, we had the integration based on 10.1.0.Final but for several reasons we want to move to 11.

There were some changes and I figured out most of them but I am lost when it comes to security.
I know Elytron was added but I don't know a damn thing about it - could anyone lend a hand here, please?

The code is now located at this branch[1] and the very last commit shows the integration done.
The vast majority is just taken from previous integration with 10.1.0.Final (branch 10.1.0.Final-weld3).
The part I am concerned about is weld/subsystem/src/main/java/org/jboss/as/weld/services/bootstrap/WeldSecurityServices.java [2]
'getPrincipal'[3] method was earlier adapted to Elytron, and I am thinking the other methods should perhaps be adjusted as well?
But then again, I have no idea how to do that with Elytron... a penny for your thoughts?

Regards
Matej

____________________________________________________________________________________________________________________________________
[1]https://github.com/weld/wildfly/tree/11.0.0.Alpha1-weld3
[2]https://github.com/weld/wildfly/blob/11.0.0.Alpha1-weld3/weld/subsystem/src/main/java/org/jboss/as/weld/services/bootstrap/WeldSecurityServices.java
[3]https://github.com/weld/wildfly/blob/11.0.0.Alpha1-weld3/weld/subsystem/src/main/java/org/jboss/as/weld/services/bootstrap/WeldSecurityServices.java#L69
_______________________________________________
wildfly-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/wildfly-dev

Re: Weld 3 & Wildfly 11 integration - help with security needed

Stuart Douglas
So looking at the code I am not sure if this is possible to adapt to Elytron without an API change on the Weld side of things.

This issue is in the Weld SecurityContext, which just has associate and disassociate methods, while Elytron uses a more functional approach.

I think this API needs to be changed so SecurityContext just has a run(PrivilegedExceptionAction action) method, where the implementation would look something like:

elytronDomain.getCurrentSecurityIdentity().runAs(action)

Not sure how hard this will be to do from the Weld side and I am not sure how this method is actually used.

Stuart




Re: Weld 3 & Wildfly 11 integration - help with security needed

Matej Novotny
Hi Stuart,

that's pretty much what we did (Darran reached out to us already).
On the API side, we added a method returning a consumer[1].
And on the WildFly side this is then implemented via runAs(consumer)[2].

Thanks for answering
Matej

____________________________________________________________________________________-
[1]https://github.com/weld/api/blob/master/weld-spi/src/main/java/org/jboss/weld/security/spi/SecurityServices.java#L75
[2]https://github.com/manovotn/wildfly/blob/weld2380/weld/subsystem/src/main/java/org/jboss/as/weld/services/bootstrap/WeldSecurityServices.java#L102

----- Original Message -----

> From: "Stuart Douglas" <[hidden email]>
> To: "Matej Novotny" <[hidden email]>
> Cc: "WildFly Dev" <[hidden email]>
> Sent: Monday, May 1, 2017 1:10:16 AM
> Subject: Re: [wildfly-dev] Weld 3 & Wildfly 11 integration - help with security needed
>
> So looking at the code I am not sure if this is possible to adapt to
> Elytron without an API change on the Weld side of things.
>
> This issue is in the Weld SecurityContext, which just has associate and
> disassociate methods, while Elytron uses a more functional approach.
>
> I think this API needs to be changed so SecurityContext just has a
> run(PrivilegedExceptionAction action) method, where the implementation
> would look something like:
>
> elytronDomain.getCurrentSecurityIdentity().runAs(action)
>
> Not sure how hard this will be to do from the Weld side and I am not sure
> how this method is actually used.
>
> Stuart
>
>
>
> On Mon, Apr 24, 2017 at 10:32 PM, Matej Novotny <[hidden email]> wrote:
>
> > Hello,
> >
> > Recently I decided that Weld 3 (CDI 2.0, currently nearing Final at high
> > speed) should be running on WildFly 11.
> > Up until now, we had the integration based on 10.1.0.Final but for several
> > reasons we want to move to 11.
> >
> > There were some changes and I figured out most of them but I am lost when
> > it comes to security.
> > I know Elytron was added but I don't know a damn thing about it - could
> > anyone lend a hand here, please?
> >
> > The code is now located at this branch[1] and the very last commit shows
> > the integration done.
> > The vast majority is just taken from previous integration with 10.1.0.Final
> > (branch 10.1.0.Final-weld3).
> > The part I am concerned about is weld/subsystem/src/main/java/org/jboss/as/weld/services/bootstrap/WeldSecurityServices.java [2]
> > 'getPrincipal'[3] method was earlier adapted to Elytron, and I am thinking
> > the other methods should perhaps be adjusted as well?
> > But then again, I have no idea how to do that with Elytron... a penny for
> > your thoughts?
> >
> > Regards
> > Matej
> >
> > ____________________________________________________________________________________________________________________________________
> > [1]https://github.com/weld/wildfly/tree/11.0.0.Alpha1-weld3
> > [2]https://github.com/weld/wildfly/blob/11.0.0.Alpha1-weld3/weld/subsystem/src/main/java/org/jboss/as/weld/services/bootstrap/WeldSecurityServices.java
> > [3]https://github.com/weld/wildfly/blob/11.0.0.Alpha1-weld3/weld/subsystem/src/main/java/org/jboss/as/weld/services/bootstrap/WeldSecurityServices.java#L69
> >
>
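
The difference discussed in this thread, between an associate/disassociate pair and a run-as wrapper handed out as a consumer, shown as an added example that is not Weld, WildFly or Elytron code. Every name below (RunAsSketch, CURRENT, associator) is a hypothetical stand-in, and the Consumer<Runnable> shape is an assumption; the point is what happens to the identity bound to a reused worker thread when the wrapped work throws.

```java
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.function.Consumer;
// Added illustration with hypothetical stand-in types; not Weld, WildFly or Elytron code.
public class RunAsSketch {
    // Stand-in for the container's per-thread "current identity".
    static final ThreadLocal<String> CURRENT = ThreadLocal.withInitial(() -> "anonymous");

    // Imperative style: the caller must pair associate() with dissociate() itself.
    static void associate(String identity) { CURRENT.set(identity); }
    static void dissociate() { CURRENT.remove(); }

    // Functional style: the identity is bound only while the action runs, and the
    // previous value is restored even if the action throws.
    static Consumer<Runnable> associator(String identity) {
        return action -> {
            String previous = CURRENT.get();
            CURRENT.set(identity);
            try {
                action.run();
            } finally {
                CURRENT.set(previous);
            }
        };
    }

    static void failingWork() { throw new IllegalStateException("constructed failure"); }

    public static void main(String[] args) throws Exception {
        ExecutorService pool = Executors.newSingleThreadExecutor(); // one reused worker thread
        try {
            // Imperative: the exception skips dissociate(), so the identity stays bound
            // to the worker thread and is visible to the next task scheduled on it.
            pool.submit(() -> {
                associate("alice");
                try { failingWork(); dissociate(); } catch (IllegalStateException e) { /* handled */ }
            }).get();
            System.out.println("after imperative task: " + pool.submit(() -> CURRENT.get()).get());
            pool.submit(() -> dissociate()).get(); // reset the worker before the second case
            // Functional: the wrapper owns the cleanup, so the caller cannot forget it.
            Consumer<Runnable> asBob = associator("bob");
            pool.submit(() -> {
                try { asBob.accept(RunAsSketch::failingWork); } catch (IllegalStateException e) { /* handled */ }
            }).get();
            System.out.println("after functional task: " + pool.submit(() -> CURRENT.get()).get());
        } finally {
            pool.shutdown();
        }
    }
}
```
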