Alessio Soldano [http://community.jboss.org/people/alessio.soldano%40jboss.com] replied to the discussion
"JBWS-2210 : CXF Username Token JAAS integration" To view the discussion, visit: http://community.jboss.org/message/536504#536504 -------------------------------------------------------------- Thanks Darran and Anil for the involvement in this thread. > The approach of having two interceptors (one for authentication and one for > authorization) is probably the biggest part of this problem already solved. +1 > Where this becomes really apparent is where endpoints are deployed as EJB3 > session beans, in this case the container can already be configured to > perform authentication and authorization - as a deployed session bean can > potentially be called from multiple different clients it makes sense for the > authorization checks to remain with the bean. > A second requirement would be related to endpoints deployed as POJOs - > although these do not have any container security before the invocation there > is still the potential that the implementations will call other secured > resources so any identity would need to be propagated for these calls. I think I've mentioned this to Sergey offline before, but the comments above better clarify the concept, thanks Darran. > A final feature related to this that I know there is user demand for would be > the ability to annotate the POJO endpoints with the same role annotations as > used on EJB3 sesstion beans - we were unable to do this for our Native > implementation of this as we had to support JAX-RPC as well as JAX-WS but as > this would be JAX-WS only this could be an option and may help simplify the > role configuration. Definitely a good idea, that could also simplify the user experience. JAX-RPC endpoints are not going to be deployed using the CXF impl, so it's actually JAX-WS only. We might want to think about a proper roles' configuration with a xml descriptor too later, but the annotation solution is probably the idea one for the first implementation. -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/536504#536504] Start a new discussion in JBoss Web Services Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2047]
_______________________________________________ jboss-user mailing list [email protected] https://lists.jboss.org/mailman/listinfo/jboss-user
