Hi Christian,

It looks very interesting. I would see it in blueprint/blueprint-authz.

Let's see what the team thinks about that.

Regards
JB

On 07/11/2014 02:49 PM, Christian Schneider wrote:
I would like to add a new component to Aries. The component is a
blueprint extension that implements role based access control based on
an existing JAAS authentication and JEE annotations (@RolesAllowed).

I created a first prototype here:
https://github.com/cschneider/blueprint-authz

The component works very well with the newly enhanced CXF
JAASAuthenticationFeature which does a JAAS login based on basic auth or
username token.

So is there interest in Aries for this component and if yes where should
I place it? My proposal would be to place it as a new sub module of
blueprint.

Christian

----
Below you can find an example of how to use the extension. The example
publishes a CXF JAXWS endpoint and secures it with basic auth. By
default it uses the jaas context "karaf" so it works with the karaf users.
After successful authentication the service impl is called. Here the
blueprint extension kicks in and will limit access to methods based on
@RolesAllowed annotations on methods.

So for example @RolesAllowed("admin") will grant access to all users in
the admin group.
In the below example it is important to use implementorClass in the cxf
endpoint as else CXF will see the proxy instead of the bean and not be
able to reflect on the service.

<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
           xmlns:authz="http://aries.apache.org/xmlns/authorization/v1.0.0"
           xmlns:cxf="http://cxf.apache.org/blueprint/core"
           xmlns:jaxws="http://cxf.apache.org/blueprint/jaxws">
     <!-- Turns on the @RolesAllowed checks for beans in this blueprint -->
     <authz:enable/>

     <cxf:bus id="personServiceBus">
         <cxf:features>
             <!-- JAAS login from basic auth or username token -->
             <bean class="org.apache.cxf.interceptor.security.JAASAuthenticationFeature">
                 <property name="reportFault" value="true"/>
             </bean>
         </cxf:features>
     </cxf:bus>

     <!-- implementorClass lets CXF reflect on the bean class instead of the proxy -->
     <jaxws:endpoint
         implementor="#personServiceImpl"
         address="/personService"
         implementorClass="net.lr.tutorial.karaf.cxf.personservice.impl.PersonServiceImpl"/>

     <bean id="personServiceImpl"
           class="net.lr.tutorial.karaf.cxf.personservice.impl.PersonServiceImpl"/>
</blueprint>



--
Jean-Baptiste Onofré
[email protected]
http://blog.nanthrax.net
Talend - http://www.talend.com
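
Added example, not part of the original messages and not code from blueprint-authz: a sketch of the kind of check described above, showing why the annotation has to be read from the bean class rather than the proxy. The local RolesAllowed annotation, the JDK dynamic proxy standing in for the blueprint proxy, the sample subjects, and matching roles by principal name are all assumptions.

```java
import java.lang.annotation.*;
import java.lang.reflect.*;
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;

public class RolesAllowedCheck {
    // Local stand-in for javax.annotation.security.RolesAllowed so this runs on a bare JDK.
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD)
    @interface RolesAllowed { String[] value(); }

    interface PersonService { void delete(String id); }

    static class PersonServiceImpl implements PersonService {
        @RolesAllowed("admin") public void delete(String id) { }
    }

    // Assumption: a role matches when a principal in the JAAS Subject has that name.
    static boolean isAllowed(Subject subject, Class<?> beanClass, Method called)
            throws NoSuchMethodException {
        // Resolve the method on the bean class; the proxy's method has no annotations.
        Method onBean = beanClass.getMethod(called.getName(), called.getParameterTypes());
        RolesAllowed ra = onBean.getAnnotation(RolesAllowed.class);
        if (ra == null) return true;       // this sketch leaves unannotated methods open
        if (subject == null) return false; // no authenticated caller
        Set<String> allowed = new HashSet<>(Arrays.asList(ra.value()));
        for (Principal p : subject.getPrincipals())
            if (allowed.contains(p.getName())) return true;
        return false;
    }

    // Builds a constructed Subject whose principals carry the given names.
    static Subject subjectWith(String... names) {
        Subject s = new Subject();
        for (String n : names) s.getPrincipals().add(() -> n);
        return s;
    }

    public static void main(String[] args) throws Exception {
        PersonService bean = new PersonServiceImpl();
        PersonService proxy = (PersonService) Proxy.newProxyInstance(
            PersonService.class.getClassLoader(), new Class<?>[] { PersonService.class },
            (p, m, a) -> m.invoke(bean, a));
        Method viaProxy = proxy.getClass().getMethod("delete", String.class);
        System.out.println("annotation on proxy method: "
            + (viaProxy.getAnnotation(RolesAllowed.class) != null));
        System.out.println("admin allowed: "
            + isAllowed(subjectWith("karaf", "admin"), PersonServiceImpl.class, viaProxy));
        System.out.println("viewer allowed: "
            + isAllowed(subjectWith("alice", "viewer"), PersonServiceImpl.class, viaProxy));
    }
}
```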
