Hi Oli
thanks for initiating this thread
On 29/03/12 07:06, Oliver Wulff wrote:
Hi all
I'd like to start working on the RBAC (see mail "Role based access control with SAML
in CXF") and the Claims support for JAX-WS. Sergey has already implemented that for
JAX-RS.
I'd propose to move these classes (claims, annotations) to a frontend
independent module like rt/security thus it can be used by JAX-WS and JAX-RS.
To get this done for 2.6 would be very good. Otherwise, we can do this for 2.7
earliest. I'd like to avoid in having different Claims classes for the same
purpose when using JAX-RS or JAX-WS.
What do you think?
+1.
I think it might be a bit tight to get both the annotations & the actual
data classes representing Claims given that at the moment Claims data
classes used within the JAX-RS frontend are different from the ones
available in the WS Security module.
We have 3 pieces to deal with:
- Annotations (visible at the application code level) [1]
- ClaimsAuthorizingInterceptor which enforces those annotations against
the incoming claims data available at runtime
- The actual Claim classes keeping the info about the claims
Moving Annotations to the common package can be done quickly enough that
would let us have the JAX-WS & JAX-RS code using the same visible
annotations.
The interim solution for JAX-WS then is to provide its own
ClaimsAuthorizingInterceptor which will operate on WS specific Claim
classes. And then we can introduce at some stage the common interceptor
once we 'merge' the Claim data classes, I'd be OK adapting JAX-RS Claim
classes as close as possible to WS ones.
But let me move the annotations first. Who knows may be we will also be
able to merge Claim data classes before 2.6 is out :-)
Thanks, Sergey
[1] http://cxf.apache.org/docs/jax-rs-saml.html#JAX-RSSAML-SAMLAuthorization
Thanks
Oli
------
Oliver Wulff
Blog: http://owulff.blogspot.com<http://owulff.blogspot.com/>
Solution Architect
http://coders.talend.com
<http://coders.talend.com>Talend Application Integration Division
http://www.talend.com
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
Blog: http://sberyozkin.blogspot.com