Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Proposal to inject built-in HttpAuthenticationMechanism beans #11

Draft
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

OndroMih
Copy link

@OndroMih OndroMih commented Apr 10, 2023

A proposal to address jakartaee/security#188.

This is to make it possible to choose programmatically which of the built-in authentication mechanisms should be used based on configuration or user input. It would be possible to inject one or more mechanisms configured using the existing definition annotations (e.g. @BasicAuthenticationMechanismDefinition) and delegate authentication to them from a custom HttpAuthenticationMechanism bean.

See the README for more details.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor typo "mplemented" should be "implemented".

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed, thank you

@OndroMih OndroMih force-pushed the ondromih-proposal-injectableham branch from f73d832 to d376fda Compare April 10, 2023 21:06
@OndroMih
Copy link
Author

OndroMih commented Nov 25, 2023

An alternative option would be to support qualifiers for built in auth mechanisms, like this:

@BasicAuthenticationMechanismDefinition( qualifier = BasicAuth.class /* user-specified CDI qualifier*/ )
@FormAuthenticationMechanismDefinition(
   qualifier  = FormAuth.class /* user-specified CDI qualifier*/,
   loginToContinue = @LoginToContinue(loginPage = "/login.xhtml"))
@Dependent
public class MyAuthMechanism implements HttpAuthenticationMechanism {
    @Inject
    @FormAuth
    HttpAuthenticationMechanism formAuthentication;

    @Inject
    @BasicAuth
    HttpAuthenticationMechanism basicAuthentication;
}

More boiler-plate code because it requires creating a qualifier for each injected mechanism but does the same job.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants