Space: Apache Tuscany Docs 2.x
(http://cwiki.apache.org/confluence/display/TUSCANYxDOCx2x)
Page: SCA Java binding.http security policy section
(http://cwiki.apache.org/confluence/display/TUSCANYxDOCx2x/SCA+Java+binding.http+security+policy+section)
Edited by Luciano Resende:
---------------------------------------------------------------------
h3. Security Policy support in HTTP and Web 2.0 Bindings
{info} work in progress {info}
h3. Scenarios
* A Web 2.0 application requires that a user get authenticated before it can
access the application.
* A Web 2.0 application requires that all communication between client/server
be done using SSL.
* A given service, exposed using a web 2.0 binding requires user authentication.
* A given operation, exposed using a web 2.0 binding requires user
authentication.
h3.Policy Interceptor
The design approach that is being considered is to inject policy security
interceptors, that would properly validate and enforce the security intents.
The authentication will be done using JAAS modules for authentication, and
initially we would support authenticating to a list of username/password
supplied by the application or using an LDAP.
!policy_interceptors_high_level_design.jpg|align=center!
Change your notification preferences:
http://cwiki.apache.org/confluence/users/viewnotifications.action
