I would like to add a new component to Aries. The component is a blueprint extension that implements role based access control based on an existing JAAS authentication and JEE annotations (@RolesAllowed).

I created a first prototype here:
https://github.com/cschneider/blueprint-authz

The component works very well with the newly enhanced CXF JAASAuthenticationFeature which does a JAAS login based on basic auth or username token.

So is there interest in Aries for this component, and if yes, where should I place it? My proposal would be to place it as a new sub module of blueprint.

Christian

----
Below you can find an example of how to use the extension. The example publishes a CXF JAXWS endpoint and secures it with basic auth. By default it uses the jaas context "karaf" so it works with the karaf users. After successful authentication the service impl is called. Here the blueprint extension kicks in and will limit access to methods based on @RolesAllowed annotations on methods.

So for example @RolesAllowed("admin") will grant access to all users in the admin group. In the below example it is important to use implementorClass in the cxf endpoint as else CXF will see the proxy instead of the bean and not be able to reflect on the service.

<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
    xmlns:authz="http://aries.apache.org/xmlns/authorization/v1.0.0"
    xmlns:cxf="http://cxf.apache.org/blueprint/core"
    xmlns:jaxws="http://cxf.apache.org/blueprint/jaxws">
    <!-- Turn on the @RolesAllowed checks of the authorization extension -->
    <authz:enable/>

    <cxf:bus id="personServiceBus">
        <cxf:features>
            <!-- JAAS login based on basic auth or username token -->
            <bean class="org.apache.cxf.interceptor.security.JAASAuthenticationFeature">
                <property name="reportFault" value="true"/>
            </bean>
        </cxf:features>
    </cxf:bus>

    <!-- implementorClass lets CXF reflect on the bean class instead of the proxy -->
    <jaxws:endpoint
        implementor="#personServiceImpl"
        address="/personService"
        implementorClass="net.lr.tutorial.karaf.cxf.personservice.impl.PersonServiceImpl"/>

    <bean id="personServiceImpl"
        class="net.lr.tutorial.karaf.cxf.personservice.impl.PersonServiceImpl"/>
</blueprint>


--
Christian Schneider
http://www.liquid-reality.de

Open Source Architect
http://www.talend.com
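
The check the message describes (a method's @RolesAllowed list compared with the roles of the authenticated JAAS Subject) can be illustrated as follows. This is an added example, not code from blueprint-authz or from the post; the Role principal class, SampleService, the local RolesAllowed stand-in and the open-by-default handling of unannotated methods are all assumptions made for the illustration.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.security.Principal;
import java.util.Arrays;
import javax.security.auth.Subject;

public class RolesAllowedCheckDemo {
    // Stand-in with the same shape as javax.annotation.security.RolesAllowed (plain JDK).
    @Retention(RetentionPolicy.RUNTIME) @Target({ElementType.METHOD, ElementType.TYPE})
    @interface RolesAllowed { String[] value(); }

    // Hypothetical role principal; a real JAAS login module supplies its own class.
    record Role(String name) implements Principal { public String getName() { return name; } }

    // Constructed sample service, not the PersonServiceImpl from the post.
    static class SampleService {
        @RolesAllowed("admin") public void deletePerson(String id) { }
        @RolesAllowed({"admin", "user"}) public String getPerson(String id) { return id; }
        public void ping() { }
    }

    /** Throws SecurityException unless the subject holds a role the method allows. */
    static void checkAccess(Subject subject, Method m) {
        RolesAllowed ann = m.getAnnotation(RolesAllowed.class);
        if (ann == null) ann = m.getDeclaringClass().getAnnotation(RolesAllowed.class);
        if (ann == null) return; // assumption: unannotated methods stay open
        if (subject != null) {
            // Match role-typed principals only, so a *user* named "admin" does not pass.
            for (Role r : subject.getPrincipals(Role.class))
                if (Arrays.asList(ann.value()).contains(r.getName())) return;
        }
        throw new SecurityException("Access denied: " + m.getName());
    }

    // Convenience wrapper: true if the call would be let through.
    static boolean allowed(Subject s, String method, Class<?>... params) throws Exception {
        try { checkAccess(s, SampleService.class.getMethod(method, params)); return true; }
        catch (SecurityException e) { return false; }
    }

    public static void main(String[] args) throws Exception {
        Subject user = new Subject();
        user.getPrincipals().add(new Role("user"));
        user.getPrincipals().add((Principal) () -> "admin"); // user principal, not a role
        System.out.println(allowed(user, "getPerson", String.class));    // holds role "user"
        System.out.println(allowed(user, "deletePerson", String.class)); // lacks role "admin"
        System.out.println(allowed(user, "ping"));                       // no annotation
        System.out.println(allowed(null, "getPerson", String.class));    // unauthenticated
    }
}
```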
