8 Replies Latest reply on Apr 14, 2013 4:01 PM by paulmkeogh

    PicketLink and web app security

    anilarora

      Hello, all

       

      Are there any existing examples out there on how, going forward, we should be using PicketLink in our JEE web applications, in the JBoss AS 7 environment?  Last week, we noticed that Seam 3 all but disappeared, and unfortunately, documentation has now been harder to find across all of the various projects now (PicketLink, DeltaSpike, etc.).  It has been extremely frustrating just to figure out where things are going.

       

      What are the recommended practices here?  We'd like to take advantage of IDM to do all of our User management, using JPA storage.  We will be requiring a security model for our webservices as well as our UI.  Where do we go from here?

       

      I've been trying to translate what I've been able to find with Seam 3 configuration to PicketLink 3 configuration, but it still seems off.  But if anyone has any suggestions, that would be helpful.

       

      Thanks!

        • 1. Re: PicketLink and web app security
          lorenzo.luconi

          Hello,

           

          We are in the same situation. We have a lot of projects based on Seam 2 and Seam 3 and now Seam 3 doesn't exist any more! So we are moving some projects to the JSF2/CDI world without Seam and the first thing we need is a good authentication/authorization layer.

          After some web searches we found picketlink/picketbox and we were happy because we found what we were looking for.

          But after some days spent figuring out how to use this API we are no longer happy:

          - extremely poor documentation

          - missing API documentation

          - few examples and most of them are old (based on old API)

          - the main project pages (PicketLink and PicketBox) reference old versions and have no documentation for these either.

           

          So at present I think Picket* is not usable. Security requires a well documented API!

          If you find a valid solution let me know. We examined also Apache Shiro and Spring Security, but we didn't like them.

          Until DeltaSpike is ready (or Picket*), we will probably try to extract some code from seam-security.

           

           

          Lorenzo

          • 2. Re: PicketLink and web app security
            jblbecarelli

            Hello,

             

            What do you think about 3.0.0.Alpha1?

            Like you, I am struggling with migrating some projects from Seam 2.2 / Seam 2.3 to CDI; however, I think that PicketLink is the right way.

             

            Luca

            • 3. Re: PicketLink and web app security
              lorenzo.luconi

              I agree with you, PicketBox and PicketLink are the right way, but I need to know how to use them :-)

              If you find some more docs let me know.

               

              Lorenzo

              • 4. Re: PicketLink and web app security
                dphanva

                I checked out code from git://github.com/picketlink/picketlink-quickstarts.git to learn how to use PicketLink.  I also used information on this page https://docs.jboss.org/author/display/PLINK/Installation since I use JBoss AS 7.

                 

                What's disappointing is that it seems one has to specify the URL of IDP in picketlink.xml which gets compiled into .war file.  This makes it difficult to do configuration at deployment time.  If someone knows of an alternative please provide the information.

                 

                I do agree that there is not much useful information.  No matter how good the software is if no one knows how to use it, it's worthless.

                 

                It seems to me that in the OpenSource age, people intend not to provide the information so that they can sell their own books.

                • 5. Re: PicketLink and web app security
                  anilarora

                  I'm disappointed with the lack of activity from this project even though all signs point to this as being what we should be using. 

                  Anyone hear from the lead developers on this project?

                  • 6. Re: PicketLink and web app security
                    anil.saldhana

                    Anil Arora wrote:

                     

                    Hello, all

                     

                    Are there any existing examples out there on how, going forward, we should be using PicketLink in our JEE web applications, in the JBoss AS 7 environment?  Last week, we noticed that Seam 3 all but disappeared, and unfortunately, documentation has now been harder to find across all of the various projects now (PicketLink, DeltaSpike, etc.).  It has been extremely frustrating just to figure out where things are going.

                     

                    What are the recommended practices here?  We'd like to take advantage of IDM to do all of our User management, using JPA storage.  We will be requiring a security model for our webservices as well as our UI.  Where do we go from here?

                     

                    I've been trying to translate what I've been able to find with Seam 3 configuration to PicketLink 3 configuration, but it still seems off.  But if anyone has any suggestions, that would be helpful.

                     

                    Thanks!

                    Hi,

                    PicketLink3 is where you should be going. The project is moving smoothly toward a 3.0 Release in June (https://docs.jboss.org/author/display/PLINK/PicketLink3.0-Roadmap).  We did have a Beta1 release recently (http://www.jboss.org/picketlink/downloads).  The docs are at http://docs.jboss.org/picketlink/3/ .  We missed uploading the docs for Beta1 which should be coming today or so.

                     

                    Shane wrote a blog post for the Alpha1 (http://in.relation.to/Bloggers/PicketLink30Alpha1Released).

                     

                    Any other questions, please ask.

                    • 7. Re: PicketLink and web app security
                      anil.saldhana

                      David Phan wrote:

                       

                      I checked out code from git://github.com/picketlink/picketlink-quickstarts.git to learn how to use PicketLink.  I also used information on this page https://docs.jboss.org/author/display/PLINK/Installation since I use JBoss AS 7.

                       

                      What's disappointing is that it seems one has to specify the URL of IDP in picketlink.xml which gets compiled into .war file.  This makes it difficult to do configuration at deployment time.  If someone knows of an alternative please provide the information.

                       

                      I do agree that there is not much useful information.  No matter how good the software is if no one knows how to use it, it's worthless.

                       

                      It seems to me that in the OpenSource age, people intend not to provide the information so that they can sell their own books.

                      Quickstarts is the best way to learn to use the technology.  We are still updating the quickstarts for PicketLink v3.

                      • 8. Re: PicketLink and web app security
                        paulmkeogh

                        Hi,

                         

                        Just come across PicketLink and it is exactly what I want!

                         

                        I've built a JEE/JPA/JSF2 application with JBoss Forge and now I want to add role based access control to it.

                         

                        From reading the documentation, I *think* I can do this with PL but I need some examples/tutorial/guidance - can someone point me at the appropriate resources?

                         

                        Thanks,