In 0.6, we only support confidentiality and clientAuthentication. We do not yet support authorization.
We should be able to:
1) Set rolesAllowed and runAs on the security configuration.
2) Add roles to the Subject (after successful authentication).
3) Verify the Subject has the roles required before invoking a service.
Much of the above is already in the code for 0.6, but commented out. This is because it was forecast as a future requirement for SwitchYard, after having looked at the JBossESB Security implementation.
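A sketch of the three steps listed above, written as an added example rather than taken from the SwitchYard code base. `RolePrincipal`, `SecurityConfig` and the method names are hypothetical, `runAs` is left out, and two behaviours are assumptions: any one allowed role is enough, and an empty `rolesAllowed` denies everyone.

```java
import java.security.Principal;
import java.util.Set;
import java.util.function.Supplier;
import javax.security.auth.Subject;

// Added illustration (Java 16+): names are hypothetical, not SwitchYard classes.
public class AuthorizationCheck {
    /** A role held by an authenticated Subject. */
    record RolePrincipal(String name) implements Principal {
        @Override public String getName() { return name; }
    }
    /** Step 1: the roles a service's security configuration allows. */
    record SecurityConfig(Set<String> rolesAllowed) {}
    /** Step 2: attach roles once authentication has succeeded. */
    static void addRoles(Subject subject, Set<String> roles) {
        roles.forEach(r -> subject.getPrincipals().add(new RolePrincipal(r)));
    }

    /** Step 3: true only if the Subject holds at least one allowed role. */
    static boolean isAuthorized(Subject subject, SecurityConfig config) {
        if (subject == null || config.rolesAllowed().isEmpty()) {
            return false; // assumption: fail closed when nothing is configured
        }
        return subject.getPrincipals(RolePrincipal.class).stream()
                .map(RolePrincipal::getName)
                .anyMatch(config.rolesAllowed()::contains);
    }

    /** Gate the invocation: the service body never runs for an unauthorized caller. */
    static <T> T invoke(Subject caller, SecurityConfig config, Supplier<T> service) {
        if (!isAuthorized(caller, config)) {
            throw new SecurityException("Subject lacks a role in rolesAllowed");
        }
        return service.get();
    }

    public static void main(String[] args) {
        SecurityConfig config = new SecurityConfig(Set.of("manager", "auditor"));
        Subject alice = new Subject(), bob = new Subject(); // constructed sample identities
        addRoles(alice, Set.of("manager"));
        addRoles(bob, Set.of("guest"));
        System.out.println(invoke(alice, config, () -> "order accepted"));
        try {
            invoke(bob, config, () -> "order accepted");
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
    }
}
```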