The current authentication architecture in the module plume-admin-security is tightly coupled to Plume admin. This makes implementing an authentication system outside Plume admin difficult.
Moreover, the "authentication SDK" is difficult to use:
- It seems tightly coupled with Jersey
- The class
SessionWs is present in the module plume-admin-ws whereas a lot of code in this class must be reused to implement a custom authentication
- The code is not very modular: it is often required to override multiple classes to implement a custom authentication, like
SessionWs, and it is complicated for the same project to provide multiple authentication system
Ideally:
- All then authentication code should be in a
plume-authentication and maybe with a plume-authentication-jwt module
plume-admin-security would only contain code to customize plume-security for Plume Admin (and maybe renamed plume-admin-authentication)- A full documentation would be written before any development to make sure that it would be easy to use
- A sample would be implemented in https://github.com/Coreoz/Plume-showcase where we would see how to implement a custom authentication system next to the Plume admin authentication system
The current authentication architecture in the module
plume-admin-securityis tightly coupled to Plume admin. This makes implementing an authentication system outside Plume admin difficult.Moreover, the "authentication SDK" is difficult to use:
SessionWsis present in the moduleplume-admin-wswhereas a lot of code in this class must be reused to implement a custom authenticationSessionWs, and it is complicated for the same project to provide multiple authentication systemIdeally:
plume-authenticationand maybe with aplume-authentication-jwtmoduleplume-admin-securitywould only contain code to customizeplume-securityfor Plume Admin (and maybe renamedplume-admin-authentication)