[jboss-dev-forums] [JBoss ESB Development] - EBWS Security Support

[beve]

I'm working on "Web service publishing support for ESB services ignores WS-Security. " https://jira.jboss.org/jira/browse/JBESB-2552.

This task has to concerns:
1. Add support for container security
2. Add support for ESB Service security

1. Add suppport for container security
Every EBWS in the same jboss-esb.xml will share the same war. Also, any http providers will also share this same war. This brings up the question about how do we configure container security for EBWS since a war can only have a single security domain?

My question is how do we want to configure the container security for EBWS in this shared war model?
Should there be a separate global configuration in jboss-esb.xml that defines the security domain that will set the security domain for the war.

2. Add support for ESB Service security
Should EBWS be a special case where the normal ESB security is ignored and and we let the container handle security for us. This will make the service unsecured to a stand-alone client using the ServiceInvoker to directly call the service by-passing the gateway (EBWS in this case). But this might be OK?

What are your thought on this?

Regards,

/Daniel


View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4257415#4257415

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4257415