Hi Prabath,
On Wed, Nov 13, 2013 at 11:53 AM, Prabath Siriwardena <[email protected]>wrote: > Ideally it should be a handler - not a mediator... This should get > executed before the message comes to the inSequence. > Agreed, we should filter out the unauthenticated requests before they hit the sequence. But how we going to provide the configuration if we are going to make this a handler, I'm more concerned about how a developer can enable- disable basic authentication for his proxy service or API in a multi tenanted environment ? Thanks, -Suresh > > Thanks & regards, > -Prabath > > > On Wed, Nov 13, 2013 at 10:24 PM, Miyuru Wanninayaka <[email protected]>wrote: > >> Hi all, >> >> Currently most security stuff handled at rampart level (except OAuth and >> XACML which is done via mediators). Even for http basic auth, we converts >> those to WS-Sec headers and validate via rampart which is really expensive. >> >> If we have a HTTP basic auth mediator, we can do it even without touching >> payload and can get performance almost equal to passthrough proxying. >> >> Even we may be able to handle WS username token without rampart. >> >> WDYT? >> >> -- >> Miyuru Wanninayaka >> Technical Lead >> WSO2 Inc. : http://wso2.com >> >> Mobile : +94 77 209 9788 >> Blog : http://miyurudw.blogspot.com >> Flickr : http://www.flickr.com/photos/miyuru_daminda >> >> _______________________________________________ >> Architecture mailing list >> [email protected] >> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >> >> > > > -- > Thanks & Regards, > Prabath > > Mobile : +94 71 809 6732 > > http://blog.facilelogin.com > http://RampartFAQ.com > > _______________________________________________ > Architecture mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- Suresh Attanayake Senior Software Engineer; WSO2 Inc. http://wso2.com/ Blog : http://sureshatt.blogspot.com/ Web : http://www.ssoarcade.com/ Facebook : https://www.facebook.com/IdentityWorld Twitter : https://twitter.com/sureshatt LinkedIn : http://lk.linkedin.com/in/sureshatt Mobile : +94755012060 Mobile : +016166171172
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
