[
https://issues.apache.org/jira/browse/CXF-3462?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13022125#comment-13022125
]
Sergey Beryozkin commented on CXF-3462:
---------------------------------------
It is the latter.
Using service-side callback handlers and STS for validating the basic auth info
is kind of orthogonal to each other, but as it happend, STSTokenValidator which
uses STSClient is implemented as a callback handler, or WSS4J Validator.
The goal is to ensure HTTPS protected endpoints (JAX-RS or JAX-WS ones not
relying on WS-Sec) can utilize STS (when dictated by the internal sec policy)
for validating the tokens and even more importantly, getting SAML tokens back
which can be used for subsequent authorization decisions
> Provide CXF interceptor making it easy to use STS for validating BasicAuth
> info
> -------------------------------------------------------------------------------
>
> Key: CXF-3462
> URL: https://issues.apache.org/jira/browse/CXF-3462
> Project: CXF
> Issue Type: New Feature
> Components: WS-* Components
> Affects Versions: 2.4
> Reporter: Sergey Beryozkin
> Fix For: 2.4.1
>
>
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
