[jboss-jira] [JBoss JIRA] Created: (JBPORTAL-1175) Provide security authentication per wsrp producer in the consumer

Julien Viet (JIRA) jira-events at jboss.com
Fri Dec 29 09:07:29 EST 2006 

Provide security authentication per wsrp producer in the consumer
-----------------------------------------------------------------

                 Key: JBPORTAL-1175
                 URL: http://jira.jboss.com/jira/browse/JBPORTAL-1175
             Project: JBoss Portal
          Issue Type: Feature Request
      Security Level: Public (Everyone can see)
          Components: Portal WSRP
            Reporter: Julien Viet
         Assigned To: Chris Laprun
             Fix For: 2.6.Beta1


Security based on SOAP/HTTP security which allow basic/digest authentication.
Usually the stub can be configured using smth like :

Stub stub = // ... get the Stub;
stub._setProperty ("javax.xml.rpc.security.auth.username", "juliet");
stub._setProperty ("javax.xml.rpc.security.auth.password", "mypassword");

We need to support several kind of username/password style, so we should have 

1/ a global username/password for the whole producer, smth like

<wsrp-producer>
   <producer-id>blah</producer-id>
...
   <auth-config>
      <username>blah username</username>
      <password>blah password</password>
   </auth-config>
</wsrp-producer>

2/ a generic mechanism that would allow more fine grained username/password that can allow to make identity propagation (for sso)

<wsrp-producer>
   <producer-id>blah</producer-id>
...
   <auth-config>
      <credential-factory>org.client.BlahCredentialFactory</credential-factory>
   </auth-config>
</wsrp-producer>

with an interface which allows to retrieve credentials. Usually the factory implementations leverage thread local mechanisms to integrate the user identity with a username/password storage like :

String userId = UserId.getCurrentUserId();
String password = passwordStore.getPassword(userId);
return new WSRPCredential(userId, password);


-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list