[jboss-user] [JBoss Web Services Development] - JBWS-2210 : CXF Username Token JAAS integration

[Alessio Soldano]

Alessio Soldano [http://community.jboss.org/people/alessio.soldano%40jboss.com] replied to the discussion

"JBWS-2210 : CXF Username Token JAAS integration"

To view the discussion, visit: http://community.jboss.org/message/536504#536504

--------------------------------------------------------------
Thanks Darran and Anil for the involvement in this thread.
> The approach of having two interceptors (one for authentication and one for authorization) is probably the biggest part of this problem already solved.
+1

> Where this becomes really apparent is where endpoints are deployed as EJB3 session beans, in this case the container can already be configured to perform authentication and authorization - as a deployed session bean can potentially be called from multiple different clients it makes sense for the authorization checks to remain with the bean.
> A second requirement would be related to endpoints deployed as POJOs - although these do not have any container security before the invocation there is still the potential that the implementations will call other secured resources so any identity would need to be propagated for these calls.

I think I've mentioned this to Sergey offline before, but the comments above better clarify the concept, thanks Darran.

> A final feature related to this that I know there is user demand for would be the ability to annotate the POJO endpoints with the same role annotations as used on EJB3 sesstion beans - we were unable to do this for our Native implementation of this as we had to support JAX-RPC as well as JAX-WS but as this would be JAX-WS only this could be an option and may help simplify the role configuration.
Definitely a good idea, that could also simplify the user experience. JAX-RPC endpoints are not going to be deployed using the CXF impl, so it's actually JAX-WS only. We might want to think about a proper roles' configuration with a xml descriptor too later, but the annotation solution is probably the idea one for the first implementation.

--------------------------------------------------------------

Reply to this message by going to Community
[http://community.jboss.org/message/536504#536504]

Start a new discussion in JBoss Web Services Development at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2047]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-user/attachments/20100409/1252062f/attachment.html