Hi Oli

thanks for initiating this thread

On 29/03/12 07:06, Oliver Wulff wrote:
Hi all

I'd like to start working on the RBAC (see mail "Role based access control with SAML 
in CXF") and the Claims support for JAX-WS. Sergey has already implemented that for 
JAX-RS.

I'd propose to move these classes (claims, annotations) to a frontend 
independent module like rt/security so that it can be used by JAX-WS and JAX-RS. 
To get this done for 2.6 would be very good. Otherwise, we can do this for 2.7 
at the earliest. I'd like to avoid having different Claims classes for the same 
purpose when using JAX-RS or JAX-WS.

What do you think?

+1.

I think it might be a bit tight to get both the annotations & the actual data classes representing Claims given that at the moment Claims data classes used within the JAX-RS frontend are different from the ones available in the WS Security module.

We have 3 pieces to deal with:
- Annotations (visible at the application code level) [1]
- ClaimsAuthorizingInterceptor which enforces those annotations against the incoming claims data available at runtime
- The actual Claim classes keeping the info about the claims

Moving Annotations to the common package can be done quickly enough; that would let us have the JAX-WS & JAX-RS code using the same visible annotations. The interim solution for JAX-WS then is to provide its own ClaimsAuthorizingInterceptor which will operate on WS specific Claim classes. And then we can introduce at some stage the common interceptor once we 'merge' the Claim data classes. I'd be OK adapting JAX-RS Claim classes as close as possible to WS ones.

But let me move the annotations first. Who knows, maybe we will also be able to merge Claim data classes before 2.6 is out :-)

Thanks, Sergey

[1] http://cxf.apache.org/docs/jax-rs-saml.html#JAX-RSSAML-SAMLAuthorization

Thanks
Oli

------

Oliver Wulff

Blog: http://owulff.blogspot.com
Solution Architect
http://coders.talend.com

Talend Application Integration Division
http://www.talend.com



--
Sergey Beryozkin

Talend Community Coders
http://coders.talend.com/

Blog: http://sberyozkin.blogspot.com
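
The three pieces listed in the reply above (an application-visible annotation, an enforcing check, and per-frontend claim classes adapted to one neutral view) are shown together in this added example. It is not CXF code and not from either author: `RequiresClaim`, `ClaimView`, `isAuthorized` and `OrderService` are hypothetical names, and the claim URI and values are constructed.

```java
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.Set;

public class SharedClaimsCheck {
    // Hypothetical frontend-independent annotation (not CXF's own annotation type).
    @Retention(RetentionPolicy.RUNTIME)
    @Target(ElementType.METHOD)
    @interface RequiresClaim {
        String name();
        String[] values();
    }

    // Neutral view of one claim; a JAX-WS or JAX-RS adapter would map its own Claim class to this.
    record ClaimView(String name, Set<String> values) {}

    // Unannotated methods pass; annotated ones fail closed unless a presented
    // claim has the required name and carries every required value.
    static boolean isAuthorized(Method m, Collection<ClaimView> presented) {
        RequiresClaim rc = m.getAnnotation(RequiresClaim.class);
        if (rc == null) return true;
        List<String> required = Arrays.asList(rc.values());
        for (ClaimView c : presented) {
            if (c.name().equals(rc.name()) && c.values().containsAll(required)) return true;
        }
        return false;
    }

    static class OrderService {
        @RequiresClaim(name = "http://example.org/claims/role", values = {"admin"})
        public void deleteOrder() {}
    }

    public static void main(String[] args) throws Exception {
        Method delete = OrderService.class.getMethod("deleteOrder");
        String role = "http://example.org/claims/role"; // constructed claim type
        List<ClaimView> user = List.of(new ClaimView(role, Set.of("user")));
        List<ClaimView> admin = List.of(new ClaimView(role, Set.of("admin", "user")));
        System.out.println("user:  " + isAuthorized(delete, user));
        System.out.println("admin: " + isAuthorized(delete, admin));
        System.out.println("none:  " + isAuthorized(delete, List.of()));
    }
}
```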
