Re: [jboss-dev-forums] [JBoss Web Services Development] - JBWS-2210 : CXF Username Token JAAS integration
- First Post
- Replies
- Stats
-
Go to
- ----- 2026 -----
- April
- March
- February
- January
- ----- 2025 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
Alessio Soldano [http://community.jboss.org/people/alessio.soldano%40jboss.com] replied to
the discussion
"JBWS-2210 : CXF Username Token JAAS integration"
To view the discussion, visit: http://community.jboss.org/message/536504#536504
--------------------------------------------------------------
Thanks Darran and Anil for the involvement in this thread.
The approach of having two interceptors (one for authentication and
one for authorization) is probably the biggest part of this problem already solved.
+1
Where this becomes really apparent is where endpoints are deployed as
EJB3 session beans, in this case the container can already be configured to perform
authentication and authorization - as a deployed session bean can potentially be called
from multiple different clients it makes sense for the authorization checks to remain with
the bean.
A second requirement would be related to endpoints deployed as POJOs - although these do
not have any container security before the invocation there is still the potential that
the implementations will call other secured resources so any identity would need to be
propagated for these calls.
I think I've mentioned this to Sergey offline before, but the comments above better
clarify the concept, thanks Darran.
A final feature related to this that I know there is user demand for
would be the ability to annotate the POJO endpoints with the same role annotations as used
on EJB3 sesstion beans - we were unable to do this for our Native implementation of this
as we had to support JAX-RPC as well as JAX-WS but as this would be JAX-WS only this could
be an option and may help simplify the role configuration.
Definitely a good idea,
that could also simplify the user experience. JAX-RPC endpoints are not going to be
deployed using the CXF impl, so it's actually JAX-WS only. We might want to think
about a proper roles' configuration with a xml descriptor too later, but the
annotation solution is probably the idea one for the first implementation.
--------------------------------------------------------------
Reply to this message by going to Community
[http://community.jboss.org/message/536504#536504]
Start a new discussion in JBoss Web Services Development at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&...]
Attachments:
- attachment.html (text/html — 4.9 KB)
5839
days inactive
5839
days old
jboss-dev-forums@lists.jboss.org
0 comments
1 participants
tags (0)
participants (1)
-
Alessio Soldano