Securing a Rat Pack application

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Securing a Rat Pack application

jeff-blaisdell
Over the past week I've been getting to know Rat Pack by working through trying to build a simple user service application.

After a good amount of work I caught myself writing a lot of security related code, and thought I should probably be using some sort of out-of-box security solution.

Since Rat Pack officially supports Guice I started trying to integrate Apache Shiro with an authorization strategy based on JSON Web Tokens.  The problem is many of the out-of-box security solutions heavily rely on servlet filters to secure application URL endpoints - i.e. Spring Security, Apache Shiro

At this point I thought I might start creating a Rat Pack Shiro adapter that foregoes servlet filters in favor of Rat Pack handlers, but this is not a small amount of work.

So before I went any further I want to step back and ask:

Is there an easier way?

How are others going about implementing security in Rat Pack?
rus
Reply | Threaded
Open this post in threaded view
|

Re: Securing a Rat Pack application

rus

There is a Pac4j Guice module you can use for securing apps http://www.ratpack.io/manual/current/api/ratpack/pac4j/Pac4jModule.html

Pac4j details can be found here https://github.com/leleuj/pac4j

And there is a capability demonstrator here https://github.com/leleuj/ratpack-pac4j-demo

On 30 Nov 2014 21:12, "jeff-blaisdell [via Ratpack Forum]" <[hidden email]> wrote:
Over the past week I've been getting to know Rat Pack by working through trying to build a simple user service application.

After a good amount of work I caught myself writing a lot of security related code, and thought I should probably be using some sort of out-of-box security solution.

Since Rat Pack officially supports Guice I started trying to integrate Apache Shiro with an authorization strategy based on JSON Web Tokens.  The problem is many of the out-of-box security solutions heavily rely on servlet filters to secure application URL endpoints - i.e. Spring Security, Apache Shiro

At this point I thought I might start creating a Rat Pack Shiro adapter that foregoes servlet filters in favor of Rat Pack handlers, but this is not a small amount of work.

So before I went any further I want to step back and ask:

Is there an easier way?

How are others going about implementing security in Rat Pack?



If you reply to this email, your message will be added to the discussion below:
http://forum.ratpack.io/Securing-a-Rat-Pack-application-tp797.html
To start a new topic under Ratpack Forum, email [hidden email]
To unsubscribe from Ratpack Forum, click here.
NAML