Hi, I would implement that also using JAAS. You can create additional custom LoginModule, receiving user Kerberos principle in CallbackHandler as parameter. This LoginModule will validate group membership of this user and (if necessary) adds appropriate Principles into security Subject. You can take Karaf LDAPLoginModule as a sample.
Regards, Andrei. > -----Original Message----- > From: smkheir [mailto:[email protected]] > Sent: Montag, 6. Oktober 2014 14:22 > To: [email protected] > Subject: RE: cxf kerberos + karaf blueprint > > Thanks Andrei. I did this and KerberosTokenValidator picked it up. All working > fine now. > > I have another question and was wondering if you can help? > > I'm getting my caller principal via wscontext and need to check its group > membership within one of active directory groups. What is the best way to > achieve this? > > Many thanks, > Smkheir > > > > > -- > View this message in context: http://cxf.547215.n5.nabble.com/cxf-kerberos- > karaf-blueprint-tp5749380p5749462.html > Sent from the cxf-user mailing list archive at Nabble.com.
