[jboss-dev-forums] [Design of JBoss ESB] - Re: Http Gateway - requirements please...
tfennelly
do-not-reply at jboss.com
Wed Aug 5 08:29:46 EDT 2009
OK... so I think I eventually got it generating the security bits. Was a bit of pita :)
It looks slightly different from above, but amounts to the same thing.
So the http-provider definition (inside the jboss-esb.xml) is now looking like....
| <http-provider name="http">
| <http-bus busid="ordermgt" />
|
| <http-bus busid="sales">
| <allowed-roles>
| <role name="friend" />
| </allowed-roles>
| <protected-methods>
| <method name="GET" />
| </protected-methods>
| </http-bus>
|
| <auth method="BASIC" domain="java:/jaas/AcmeSecProvider" />
| </http-provider>
|
How the roles and methods are currently working can be summed up as follows...
| Methods Specified | Roles Specified | Login Required
| ----------------------------------------------------------------------------
| No | No | No
| No | Yes | For All Methods
| Yes | Yes | For Specified Methods
| Yes | No | No - Specified Methods blocked to all
|
I think this is right, yeah?
Note how the security domain can be configured on the auth element.
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4248109#4248109
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4248109
More information about the jboss-dev-forums
mailing list