[Apiman-user] Authorization policy with Web Service

Eric Wittmann eric.wittmann at redhat.com
Tue Jan 26 08:11:13 EST 2016


The Authorization policy is specific to RESTful APIs - it uses the HTTP 
verb (as you noted) when determining if a request is allowed.  In fact, 
we've recently updated the UI to provide a drop-down for the Verb rather 
than having people type it in.

To perform Authorization using the SOAPAction HTTP header, I think we 
need a new policy.

If you're up for doing that yourself, fantastic.  If not then please add 
a JIRA feature request and we'll get something built when we can.  It 
shouldn't be very difficult.

-Eric

On 1/26/2016 1:07 AM, Charles Moulliard wrote:
> Hi,
>
> Could it be possible to use the existing authorization policy to handle WebService where, according to the SOAPAction, we have to authorize the call to a method, or do we have to create a new authorization policy?
>
> As a WebService is not managed as a RESTful service where the HTTP Operation (= verb) can be used to determine if we will create, read or update something and restrict access for a user based on a role (writer, reader or admin), I am trying to figure out how we could achieve that authorization (= role based) based on the SOAPAction for webservice without creating a different WebService with only one operation/method to handle the actions to create/delete/read/update ...
>
> Regards,
>
> Charles
>
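
A sketch of the SOAPAction-based role check discussed in this thread, as an added example that is not apiman code and not part of either message; the action URIs, role names and function names are hypothetical. It goes slightly beyond the thread by also reading the SOAP 1.2 `action` parameter of Content-Type, and it denies any request whose action is missing, unmapped or ambiguous.

```python
from email.message import Message

# Constructed rule table: SOAPAction URI -> roles allowed to invoke it.
# The action URIs and role names are hypothetical.
RULES = {
    "urn:example:orders/ReadOrder": {"reader", "writer", "admin"},
    "urn:example:orders/CreateOrder": {"writer", "admin"},
    "urn:example:orders/DeleteOrder": {"admin"},
}


def soap_action(headers):
    """Return the action URI named by the request, or None if absent or ambiguous.

    SOAP 1.1 carries it in the SOAPAction header (usually a quoted string);
    SOAP 1.2 carries it in the `action` parameter of Content-Type.
    """
    # HTTP header names are case-insensitive, so normalise the keys first.
    h = {k.lower(): v for k, v in headers.items()}
    candidates = set()
    raw = h.get("soapaction", "").strip()
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        raw = raw[1:-1]
    if raw:
        candidates.add(raw)
    if "content-type" in h:
        msg = Message()
        msg["Content-Type"] = h["content-type"]
        param = msg.get_param("action")
        if param:
            candidates.add(param)
    # Two different actions in one request: refuse to pick one.
    return candidates.pop() if len(candidates) == 1 else None


def is_authorized(headers, user_roles, rules=RULES):
    """Deny by default: unknown, missing or conflicting actions are rejected."""
    allowed = rules.get(soap_action(headers))
    if not allowed:
        return False
    return bool(allowed & set(user_roles))
```

The SOAPAction header is supplied by the client, so where the backend dispatches on the body element rather than the header, the policy also needs to compare the two.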

