[
https://issues.apache.org/jira/browse/CXF-2754?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Valeri updated CXF-2754:
------------------------------
Attachment: Alternate-framework-class.png
Alternate-framework-sequence.png
Attached diagrams for initial security profile / authentication framework
discussion on the dev list:
http://old.nabble.com/Using-WS-Security-UsernameToken-to-authenticate-users-and-populate--SecurityContexts-to28165583.html
> Extend WS-Security component for higher level containers be able to use
> UsernameToken to authenticate a user and populate SecurityContext
> --------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: CXF-2754
> URL: https://issues.apache.org/jira/browse/CXF-2754
> Project: CXF
> Issue Type: Improvement
> Components: WS-* Components
> Affects Versions: 2.3, 2.2.8
> Reporter: Sergey Beryozkin
> Assignee: Sergey Beryozkin
> Fix For: 2.3, 2.2.8
>
> Attachments: Alternate-framework-class.png,
> Alternate-framework-sequence.png, cxf-2754-2.patch
>
>
> By default, WSS4JInInterceptor relies on CallbackHandlers to provide or
> validate a password for handling digests and clear-texts respectively.
> Also, the default SecurityContext is partially populated and thus can not be
> used for the authorization decisions.
> Higher level containers should be able to delegate to their own subsystems
> for authenticating a user and populating SecurityContext
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
