Hi Oli
On 05/02/14 19:56, Oliver Wulff wrote:
> Hi there
>
> For the REST services of the Fediz IDP I'd like to support initially three
> security use cases.
>
> 1) Basic Authentication, Username/Password validated against the STS
> 2) Basic Authentication, Username/Password validated with JAAS

I guess realistically, in case of Basic, it is either 1 or 2

> 3) SAML token in Basic Authorization header
>
> In CXF 3.0, each REST security interceptor enforces the security credentials it
> supports. Therefore, you can't just configure all interceptors like:
> org.apache.cxf.ws.security.trust.AuthPolicyValidatingInterceptor
> org.apache.cxf.rs.security.saml.SamlEnvelopedInHandler
> org.apache.cxf.jaxrs.security.JAASAuthenticationFilter
>
> The interceptors should not throw an exception but instead assert the token
> (similar to the policy) and finally an interceptor checks whether one token was
> provided and successfully validated.
>
> Other ideas?

I'll be OK with the individual interceptors enforcing it. Otherwise we'd need to chain them, etc, but having a basic delegating interceptor which would check the authorization scheme and do something like:

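public void handleMessage(Message message) {
    // Dispatch on the Authorization scheme; isBasic is a helper still to be written.
    // CXF keeps the HTTP headers under Message.PROTOCOL_HEADERS.
    if (isBasic(message.get(Message.PROTOCOL_HEADERS))) {
        basicAuthInterceptor.handleMessage(message);
    } else {
        samlInterceptor.handleMessage(message);
    }
}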

Some basic policy support can be thought of as well, as you said, for example, we can have a BasicAuthJaas policy - this will use JAAS interceptor, etc. I think the policies are more interesting when we can expect some interoperability but also when a series of interceptors is needed to validate a single requirement...

So I'd start with the direct coding first
Cheers, Sergey



> Thanks
> Oli
>
> ------
> Oliver Wulff
>
> Blog: http://owulff.blogspot.com
> Solution Architect
> http://coders.talend.com
>
> Talend Application Integration Division
> http://www.talend.com



--
Sergey Beryozkin

Talend Community Coders
http://coders.talend.com/

Blog: http://sberyozkin.blogspot.com
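
Added example, not part of the original thread and not CXF or Fediz code: a self-contained Java model of the alternative raised above, where each credential check reports an outcome instead of throwing and a final step enforces that one credential was validated. All type and method names, the "SAML" scheme prefix and the sample credentials are assumptions constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.List;

// Hypothetical model of "assert, then enforce"; none of these names are CXF API.
public class AssertThenEnforce {

    enum Outcome { NOT_APPLICABLE, VALIDATED, REJECTED }

    /** Inspects the Authorization header and reports an outcome; never throws. */
    interface CredentialValidator {
        Outcome validate(String authorizationHeader);
    }

    /** Final check: allow only if some validator accepted and none rejected. */
    static boolean enforce(String header, List<CredentialValidator> validators) {
        boolean validated = false;
        for (CredentialValidator v : validators) {
            Outcome o = v.validate(header);
            if (o == Outcome.REJECTED) return false;  // bad credential: fail closed
            if (o == Outcome.VALIDATED) validated = true;
        }
        return validated;  // nothing applicable (missing or unknown scheme): deny
    }

    // Stand-in for Basic validated against the STS or JAAS (constructed demo check).
    static final CredentialValidator BASIC = h -> {
        if (h == null || !h.regionMatches(true, 0, "Basic ", 0, 6)) return Outcome.NOT_APPLICABLE;
        try {
            byte[] raw = Base64.getDecoder().decode(h.substring(6).trim());
            String userPass = new String(raw, StandardCharsets.UTF_8);
            return userPass.equals("alice:secret") ? Outcome.VALIDATED : Outcome.REJECTED;
        } catch (IllegalArgumentException malformedBase64) {
            return Outcome.REJECTED;
        }
    };

    // Stand-in for SAML validation; a real check verifies signature and conditions.
    static final CredentialValidator SAML = h -> {
        if (h == null || !h.regionMatches(true, 0, "SAML ", 0, 5)) return Outcome.NOT_APPLICABLE;
        return h.substring(5).trim().equals("constructed-valid-token") ? Outcome.VALIDATED : Outcome.REJECTED;
    };

    public static void main(String[] args) {
        List<CredentialValidator> chain = List.of(BASIC, SAML);
        String good = "Basic " + Base64.getEncoder().encodeToString("alice:secret".getBytes(StandardCharsets.UTF_8));
        for (String header : new String[] {good, "Basic !!!", "SAML constructed-valid-token", "Bearer x", null}) {
            System.out.println(header + " -> " + (enforce(header, chain) ? "allow" : "401"));
        }
    }
}
```

The final check denies when no validator recognised the scheme, which is the case that would otherwise pass silently once the individual checks stop throwing.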
