Am 16.06.2011 16:21, schrieb Sergey Beryozkin:
Also, CXF ships runtime AuthenticationException and
AuthorizationException. So BasicAuthInterceptor
can possibly check for both, provided a given UserNamePasswordProvider
decides it needs to do the authorization as well, so may be
UserNamePasswordProvider should also be provided with a current
Message ? So that some impls can get whatever context info they need
in order to proceed with the early authorization step...Method name
can be enough, but paramers, client ip, etc, may be needed for a final
decision...
As Authorization is quite simple as you showed with the existing impls I
think we should rather not have the Authentication impl do
authorization. I am not sure if any more context info is needed for
authentication too but I think we could first start with only username
and password and see when someone really needs more.
Christian
--
--
Christian Schneider
http://www.liquid-reality.de
Open Source Architect
Talend Application Integration Division http://www.talend.com
