12:07 a.m.
Hi,
Could it be possible to use the existing authorization policy to handle WebService where
according to the SOAPAction we have to authorize the call to a method or do we have to
create a new authorization policy ?
As a WebService is not managed as RESTfull service where the HTTP Operation (= verb) can
be used to determine if we will create, read or update something and restrict access for a
user based on a role (writer, reader or admin), I try to figure out how we could achieve
that authorization (= role based) based on the SOAPAction for webservice without creating
a different WebService with only one operation/method to handle the actions to
create/delete/read/update ...
Regards,
Charles
7:11 a.m.
The Authorization policy is specific to RESTful APIs - it uses the HTTP
verb (as you noted) when determining if a request is allowed. In fact,
we've recently updated the UI to provide a drop-down for the Verb rather
than having people type it in.
To perform Authorization using the SOAPAction HTTP header, I think we
need a new policy.
If you're up for doing that yourself, fantastic. If not then please add
a JIRA feature request and we'll get something built when we can. It
shouldn't be very difficult.
-Eric
On 1/26/2016 1:07 AM, Charles Moulliard wrote:
Hi,
Could it be possible to use the existing authorization policy to handle WebService where
according to the SOAPAction we have to authorize the call to a method or do we have to
create a new authorization policy ?
As a WebService is not managed as RESTfull service where the HTTP Operation (= verb) can
be used to determine if we will create, read or update something and restrict access for a
user based on a role (writer, reader or admin), I try to figure out how we could achieve
that authorization (= role based) based on the SOAPAction for webservice without creating
a different WebService with only one operation/method to handle the actions to
create/delete/read/update ...
Regards,
Charles
_______________________________________________
Apiman-user mailing list
Apiman-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/apiman-user
3269
days inactive
3269
days old
1 comments
2 participants
participants (2)
-
Charles Moulliard -
Eric Wittmann