Hi there,

For the REST services of the Fediz IDP I'd like to support initially three security use cases.

1) Basic Authentication, Username/Password validated against the STS
2) Basic Authentication, Username/Password validated with JAAS
3) SAML token in Basic Authorization header

In CXF 3.0, each REST security interceptor enforces the security credentials it supports. Therefore, you can't just configure all interceptors like:

  org.apache.cxf.ws.security.trust.AuthPolicyValidatingInterceptor
  org.apache.cxf.rs.security.saml.SamlEnvelopedInHandler
  org.apache.cxf.jaxrs.security.JAASAuthenticationFilter

The interceptors should not throw an exception but instead assert the token (similar to the policy), and finally an interceptor checks whether one token was provided and successfully validated.

Other ideas?

Thanks
Oli

------

Oliver Wulff

Blog: http://owulff.blogspot.com
Solution Architect

http://coders.talend.com
Talend Application Integration Division http://www.talend.com
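The assert-then-check idea proposed in the message above, sketched in plain Java as an added example; it is not code from the message, from Fediz or from CXF. The class name, the validator names and the in-memory user stores are hypothetical stand-ins for the STS and JAAS checks, and a SAML validator would be a third entry in the same chain.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;
import java.util.function.Predicate;

public class AssertThenCheck {
    // Decode "Basic base64(user:password)"; empty if the header is not well-formed Basic.
    static Optional<String[]> basic(String header) {
        if (header == null || !header.startsWith("Basic ")) return Optional.empty();
        try {
            String s = new String(Base64.getDecoder().decode(header.substring(6).trim()), StandardCharsets.UTF_8);
            int i = s.indexOf(':');
            return i < 0 ? Optional.empty() : Optional.of(new String[] { s.substring(0, i), s.substring(i + 1) });
        } catch (IllegalArgumentException e) {
            return Optional.empty();
        }
    }

    // Hypothetical stand-in for a password check done by the STS or by JAAS (constructed user store).
    static Predicate<String> passwordValidator(Map<String, String> users) {
        return header -> basic(header).map(c -> {
            String expected = users.get(c[0]);
            return expected != null && MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8), c[1].getBytes(StandardCharsets.UTF_8));
        }).orElse(false);
    }

    // Runs every validator; one that fails or throws asserts nothing instead of aborting the chain.
    static Set<String> collectAssertions(Map<String, Predicate<String>> validators, String header) {
        Set<String> asserted = new LinkedHashSet<>();
        validators.forEach((name, v) -> {
            try { if (v.test(header)) asserted.add(name); }
            catch (RuntimeException e) { /* not asserted; a real chain would log this */ }
        });
        return asserted;
    }

    // Final check: fail closed unless at least one validator asserted the credential.
    static boolean allow(Set<String> asserted) { return !asserted.isEmpty(); }

    public static void main(String[] args) {
        Map<String, Predicate<String>> chain = new LinkedHashMap<>();
        chain.put("sts", passwordValidator(Map.of("alice", "sts-secret")));   // constructed data
        chain.put("jaas", passwordValidator(Map.of("bob", "jaas-secret")));   // constructed data
        String ok = "Basic " + Base64.getEncoder().encodeToString("bob:jaas-secret".getBytes(StandardCharsets.UTF_8));
        String bad = "Basic " + Base64.getEncoder().encodeToString("bob:wrong".getBytes(StandardCharsets.UTF_8));
        for (String h : new String[] { ok, bad, null }) {
            Set<String> a = collectAssertions(chain, h);
            System.out.println(a + " -> " + (allow(a) ? "200" : "401"));
        }
    }
}
```

The final check is the only place a request is rejected, so it has to run on every path, including requests that carry no Authorization header at all.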