[jboss-dev-forums] [JBoss ESB Development] - Re: EBWS Security Support
jeffdelong
do-not-reply at jboss.com
Tue Sep 29 10:50:25 EDT 2009
I am not sure why spend the effort creating a new global section to the jboss-esb.xml. I have never thought that there should be more than one "service" per jboss-esb.xml file even though we allow it. In a service oriented architecture each service should be independently deployed, so from a best practice standpoint, I think having a separate jboss-esb.xml file for each service makes more sense.
What I would like to understand is that even when authentication is performed by the container, the EBWS gateway will add the security token to the ESB message context, and that the ESB will use this for authorization to ESB services, i.e. rolesAllowed and runAs would be supported. Also, that this security context would be available through the API for other programs to access.
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4257671#4257671
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4257671
More information about the jboss-dev-forums
mailing list