This branch is 1289 commits behind resteasy:master.
skeleton-key-as7
skeleton-key-core
skeleton-key-idp-war
skeleton-key-idp
skeleton-key-undertow
README.md
pom.xml

Skeleton Key IDM

These modules are a set of custom security protocols with the following goals:

  • Simple token formats
  • Java EE compatibility
  • Reduce IDM handshaking
  • Leverage PKI wherever possible
  • Tight JBoss AS7 Integration
  • Standalone JAX-RS-only integration
  • OAuth2 login
  • OAuth2 bearer tokens

It will include a sample IDM server with Infinispan as its persistence store. The IDM will be a RESTful interface that is designed to be an anybody-can-use cloud service.

IDM Server Design Notes

  • A realm is a collection of users, resources, roles, role mappings, and scope mappings.
  • Scope is an OAuth2 concept. A user can ask another user for permission to act on their behalf. Scope mappings define which roles a user is allowed to ask permission for.
  • A realm can have user-role mappings
  • A realm can have scope mappings
  • A resource represents a specific web site or web service. It is not required.
  • A resource can have specific roles and user-role mappings
  • A resource can have specific scope mappings
  • User names must be unique within a Realm
  • Resource names must be unique per Realm
  • Authentication is a combination of form parameters and/or client-cert verification.
  • Realms define a set of required credentials.

Realm Creation

  1. No authentication required to create a realm
  2. A domain is disabled for use until a user with admin privileges enables it.
  3. A domain must have at least one admin user assigned to it

User Creation

  1. Usernames must be unique within a domain
  2. Realms define a set of required credentials. Users will not be enabled until they have set up all of their required credentials.

Resource Creation

  1. Resource names are unique within a domain
  2. A Resource represents a website or service and has a Base URL associated with it.
  3. A resource defines a set of roles it provides
  4. Resources cannot belong to multiple domains
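
The realm rules above, sketched as an added example; this is not code from the Skeleton Key modules. It shows the enablement gates (required credentials, admin activation) and a scope check for a user acting on behalf of another. The class and method names, the "admin" role name, and the choice to intersect requested roles with the roles the granting user actually holds are assumptions.

```java
import java.util.*;

// Hypothetical model of the realm rules; all names here are illustrative.
public class RealmSketch {
    final Set<String> requiredCredentials;                          // e.g. "password", "client-cert"
    final Map<String, Set<String>> credentials = new HashMap<>();   // user -> credential types set up
    final Map<String, Set<String>> roleMappings = new HashMap<>();  // user -> roles held
    final Map<String, Set<String>> scopeMappings = new HashMap<>(); // user -> roles it may ask for
    boolean enabled = false;                                        // a new realm starts disabled

    RealmSketch(Set<String> requiredCredentials) { this.requiredCredentials = requiredCredentials; }

    // User names must be unique within a realm.
    void addUser(String name) {
        if (credentials.putIfAbsent(name, new HashSet<>()) != null)
            throw new IllegalArgumentException("user name already used in realm: " + name);
        roleMappings.put(name, new HashSet<>());
        scopeMappings.put(name, new HashSet<>());
    }

    // A user is enabled only once every required credential has been set up.
    boolean userEnabled(String name) {
        return credentials.containsKey(name) && credentials.get(name).containsAll(requiredCredentials);
    }

    // Only an enabled user holding the (assumed) "admin" role may enable the realm.
    void enable(String actor) {
        if (!userEnabled(actor) || !roleMappings.get(actor).contains("admin"))
            throw new SecurityException("only an enabled admin user can enable the realm");
        enabled = true;
    }

    // Roles 'client' may use on behalf of 'owner': requested, within the client's scope, held by owner.
    Set<String> grantScope(String client, String owner, Set<String> requested) {
        if (!enabled || !userEnabled(client) || !userEnabled(owner)) return Set.of();
        Set<String> granted = new TreeSet<>(requested);
        granted.retainAll(scopeMappings.get(client));
        granted.retainAll(roleMappings.get(owner));
        return granted;
    }

    public static void main(String[] args) {
        RealmSketch realm = new RealmSketch(Set.of("password"));    // constructed sample data
        realm.addUser("alice"); realm.addUser("portal");
        realm.credentials.get("alice").add("password");
        realm.credentials.get("portal").add("password");
        realm.roleMappings.get("alice").addAll(List.of("admin", "user"));
        realm.scopeMappings.get("portal").add("user");
        System.out.println(realm.grantScope("portal", "alice", Set.of("admin", "user"))); // before enable
        realm.enable("alice");
        System.out.println(realm.grantScope("portal", "alice", Set.of("admin", "user"))); // after enable
    }
}
```

Because the grant is an intersection, a client that requests "admin" without a scope mapping for it never receives that role, even when the granting user holds it.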