On Tue, Sep 28, 2010 at 2:10 PM, Millies, Sebastian <[email protected]> wrote:
> Hello Simon,
>
> have you been able to find an example? I have looked around, but
> the only detailed example I could find was in the Websphere feature
> pack for SCA and depended on running SCA inside IBM Websphere's
> security infrastructure, whereas I am looking at a standalone
> Tuscany runtime.
>
> -- Sebastian
>
>
>> -----Original Message-----
>> From: Simon Laws [mailto:[email protected]]
>> Sent: Tuesday, September 21, 2010 11:28 AM
>> To: [email protected]
>> Subject: Re: JAAS and the RequestContext object
>>
>> On Mon, Sep 20, 2010 at 3:23 PM, Millies, Sebastian
>> <[email protected]> wrote:
>> > Hello there,
>> >
>> > I have been trying to figure out how I can authenticate a user
>> > to my application (with username/password) so that every SCA
>> > RequestContext object will afterwards contain a Principal or
>> > SecuritySubject that allows me to associate any service method
>> > call in my application with that user.
>> >
>> > Can anyone point me in the right direction? I have managed a
>> > JAAS Login Module, but how can I influence the contents of the
>> > request context in Tuscany 1.6?
>> >
>> > -- Sebastian
>> >
>> >
>>
>> Hi Sebastien
>>
>> IIRC there is a Security Identity policy that moves the subject from
>> the Tuscany message into the context. Let me see if I can find an
>> example.
>>
>> Simon
>>
>> --
>> Apache Tuscany committer: tuscany.apache.org
>> Co-author of a book about Tuscany and SCA: tuscanyinaction.com
>

Oh blimey, I must have got distracted at the time as I forgot to look.
Apologies.

There is an itest in 1.x called policy-security-basicauth [1] that
defines a basicauth and identity policy as follows:

    <definitions xmlns="http://www.osoa.org/xmlns/sca/1.0"
                 targetNamespace="http://itest/policy"
                 xmlns:sca="http://www.osoa.org/xmlns/sca/1.0"
                 xmlns:tuscany="http://tuscany.apache.org/xmlns/sca/1.0"
                 xmlns:ip="http://itest/policy" >

        <sca:policySet name="BasicAuthenticationPolicySet"
                       provides="authentication"
                       appliesTo="sca:binding.ws">
            <tuscany:basicAuthentication>
                <tuscany:userName>myname</tuscany:userName>
                <tuscany:password>mypassword</tuscany:password>
            </tuscany:basicAuthentication>
        </sca:policySet>

        <sca:policySet name="ImplementationIdentityPolicySet"
                       provides="tuscany:identity"
                       appliesTo="sca:implementation.java">
            <securityIdentity>
                <useCallerIdentity/>
            </securityIdentity>
        </sca:policySet>
    </definitions>

These are used in a composite as follows:

    <composite xmlns="http://www.osoa.org/xmlns/sca/1.0"
               targetNamespace="http://itest/policy"
               xmlns:sca="http://www.osoa.org/xmlns/sca/1.0"
               xmlns:tuscany="http://tuscany.apache.org/xmlns/sca/1.0"
               xmlns:ip="http://itest/policy"
               name="Helloworld">

        <component name="HelloWorldClientComponent">
            <implementation.java class="helloworld.HelloWorldClientImpl" />
            <service name="HelloWorldService">
                <interface.java interface="helloworld.HelloWorldService"/>
                <binding.sca/>
            </service>
            <reference name="helloworldWS" requires="authentication">
                <binding.ws uri="http://localhost:8085/HelloWorldServiceWSComponent"/>
            </reference>
        </component>

        <component name="HelloWorldServiceWSComponent">
            <implementation.java class="helloworld.HelloWorldServiceImpl"
                                 requires="tuscany:identity"/>
            <service name="HelloWorldService" requires="authentication">
                <interface.java interface="helloworld.HelloWorldService"/>
                <binding.ws uri="http://localhost:8085/HelloWorldServiceWSComponent"/>
            </service>
        </component>
    </composite>

Note the tuscany:identity intent on the implementation and the
authentication intent on the binding.

The HelloWorldServiceImpl that has the tuscany:identity intent applied
accesses the request context as follows:

    import javax.security.auth.Subject;

    import org.osoa.sca.RequestContext;
    import org.osoa.sca.annotations.Context;
    import org.osoa.sca.annotations.Service;

    @Service(HelloWorldService.class)
    public class HelloWorldServiceImpl implements HelloWorldService {

        // Injected by the runtime for each request
        @Context
        protected RequestContext requestContext;

        public String getGreetings(String name) {
            // Populated when the tuscany:identity intent is applied
            Subject subject = requestContext.getSecuritySubject();

            if (subject == null) {
                return "Hello " + name + " null subject";
            } else {
                return "Hello " + name + " " + subject.toString();
            }
        }
    }

Now I should point out that the basic auth policy in this case is not
that useful. IIRC it only "applies to" the web services binding and
only deals with credentials stored in the policy set itself. Luciano
looked at security more generally over HTTP and plugging into LDAP.
There was an example of some of this in the store-secure sample [2]
but you're right, I don't see any examples of it being used in
combination with the identity policy. So there may very well be some
policy work to do to make those two work together.

[1] http://svn.apache.org/repos/asf/tuscany/sca-java-1.x/trunk/itest/policy-security-basicauth/
[2] http://svn.apache.org/repos/asf/tuscany/sca-java-1.x/trunk/samples/store-secure/

Regards

Simon

--
Apache Tuscany committer: tuscany.apache.org
Co-author of a book about Tuscany and SCA: tuscanyinaction.com
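
Added example, not part of the thread or of the Tuscany itest: a helper that turns the Subject returned by requestContext.getSecuritySubject() into a caller name and refuses the call when the subject is missing or ambiguous, instead of answering with "null subject". The names CallerIdentity, requireCaller and UserPrincipal are hypothetical; which Principal type ends up in the Subject depends on the login module and policy in use, which the thread does not state.

```java
import java.security.Principal;
import java.util.Collections;
import java.util.Set;
import javax.security.auth.Subject;

/** Hypothetical helper: resolves the caller from a request's security
 *  subject and fails closed when no usable identity is present. */
public class CallerIdentity {

    /** Constructed stand-in for the Principal type a login module would add. */
    static final class UserPrincipal implements Principal {
        private final String name;
        UserPrincipal(String name) { this.name = name; }
        public String getName() { return name; }
    }

    /** Returns the single caller name, or throws rather than serve an anonymous call. */
    static String requireCaller(Subject subject) {
        if (subject == null) {
            // Identity intent not applied, or the binding did not authenticate.
            throw new SecurityException("no security subject on request");
        }
        Set<UserPrincipal> users = subject.getPrincipals(UserPrincipal.class);
        if (users.size() != 1) {
            // Zero or several user principals: the identity is ambiguous, so refuse.
            throw new SecurityException(
                    "expected exactly one user principal, got " + users.size());
        }
        String name = users.iterator().next().getName();
        if (name == null || name.trim().isEmpty()) {
            throw new SecurityException("empty user name in principal");
        }
        return name;
    }

    public static void main(String[] args) {
        // Constructed sample subject, standing in for requestContext.getSecuritySubject().
        Subject authenticated = new Subject(true,
                Collections.singleton(new UserPrincipal("myname")),
                Collections.emptySet(), Collections.emptySet());
        System.out.println("Hello " + requireCaller(authenticated));
        try {
            requireCaller(null);
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

In a service implementation, requireCaller(requestContext.getSecuritySubject()) would be the first statement of each method that must be tied to a user.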
