Open sfuhrm opened 2 years ago
Actually, the issue is larger than that.
The login module extends JBoss AbstractServerLoginModule, which is deprecated in part because it depends on deprecated parts of the JDK. In fact, virtually all of the PicketBox-based auth infrastructure in Wildfly has been deprecated and replaced with Elytron. This module basically needs a re-write to address those issues.
Thanks for the explanation, @ceharris. Unfortunately, this is bad news. This plugin works quite well.
Do you have any idea whether there is an alternative besides the re-write you mentioned (i.e. other plugin, switching to LDAP)?
I have created a proof of concept for updating the module to work under Elytron. It still needs work and is not ready to be used in production, but it represents a possible path forward.
Reviewing your POC, it looks essentially as I would have expected from my initial survey of the Elytron APIs -- i.e. most of the work is in the parts that previously used PicketBox APIs and most everything else remains the same. Documentation and examples will need to be updated (e.g. those parts that configure security-realm) too. On a more trivial/pedantic note, code formatting/style will need to match that in use in the project.
Did you happen to test your POC with JDK 14+?
This would be a fairly large contribution. Are you wanting to pursue it to completion, or are you simply providing it as a POC for someone else to fully implement?
I am willing to collaborate to get this completed. I have only tested it with Wildfly 25 on JDK 11.
With JDK 17, the cas extension breaks with
The reason: the package java.security.acl has been deprecated since JDK 9 and was removed in JDK 14.
It is used in IdentityAssertionLoginModule.java